Video Screencast Help

Unique Match Count for Email Addresses

Created: 11 Mar 2013 | 6 comments

Hello,

With 11.6.x DLP has capability to do unique match count on policies which uses Data identifiers and is working fairly well. We have a different policy which is based on REGEX to detect email addresses being sent out via attachments. Our current policy is designed to detect more than 100 email ids, but unfortunately it detects even if the email id is only one and is repeated 100 times. There is no unique match count option available.

Has anyone experienced this or found a solution?

thanks in advance..

 

Operating Systems:

Comments 6 CommentsJump to latest comment

DLP Solutions's picture

S,

There is a way to do this and it is by creating a Custom Data Identifier that looks for email addresses. This will then give you capability of doing a unique match count.

Just take the REGEX you have and create a NEW custom DI for emails. Then you can modify the policy to look for that new custom DI.

**** Keep in mind that the DI uses a different variat of REGEX and you will most probably need to change the REGEX you use in the custom DI.

Try this.. I have not tested it in the DI section:

\b[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b

 

Please call solved if possible..

Ronak

 

 

Please make sure to mark this as a solution

to your problem, when possible.

 

SaVijayan's picture

Thanks Kishorilal. Since the problem is around unique match counting which only DI uses, i was trying to create one new data identifier for email addresses. I already have an existing regex for email, but it doesnt do unique match counts.

I tried a few but doesnt help, so was looking to the community to see if anyone solved that puzzle.

kishorilal1986's picture

Dear,

I think u need the hash table of unique email address and need to use EDM technology for your requirement still refer below as it can aslo help you.

There us on esetting called as Match counting :mark-check for existence

Please refrer below and also I thi

https://www-secure.symantec.com/connect/ideas/enha...

https://www-secure.symantec.com/connect/forums/dlp...

SaVijayan's picture

Yes, EDM is the only was to go now unless someone can create a data identifier for email addresses.

Both those threads doesnt have a resolution for the problem.

Unique match count is only a feature for data identifiers today

Santosh Mistry's picture

Dear SaVijayan,

You can get only the related answer and not exactly the resolution of problem, Above thraed have enough resolution understanding and u just need to get idea from it