Data Loss Prevention

  • 1.  DLP - Indexed Documents (IDM)

    Posted May 09, 2017 10:22 AM

    Hello Everyone,

    I'm using DLP v14.6 and wondering how IDM works. I tried to upload a txt file (zipped) with some words separated by commas: Manage/Data Profiles/Indexed Documents/My_profile/ and "upload Document Archive to Server Now Do not use for archives containing Non-ASCII filenames" but the status of documents is still equal to 0. I have no idea why, can anyone help? Are there some rules for how the file with disclaimers should look? Is it possible that DLP is not recognizing it because the structure of the file is incorrect?

    Best Regards

    Tomasz



  • 2.  RE: DLP - Indexed Documents (IDM)

    Posted May 12, 2017 09:04 AM

    Hi Tomasz,

    IDM is meant for documents containing a fair amount of content or text in most cases; try using an office document or PDF.

    If you want to match against values in a csv (say an export from a database), that would be structured data and you would want to use Exact Data Matching for that. I'd suggest following the directions in the Administration Guide for both, as there are some requirements for utilising both of these that need to be met.



  • 3.  RE: DLP - Indexed Documents (IDM)

    Posted May 12, 2017 09:38 AM

    Hi Dean,

    Thank you for the answer. I found in another post that I should put the zipped disclaimers file (e.g. Disclaimer.zip) on the server where DLP is installed, so I did it: I copied it to /var/SymantecDLP/documentprofile and right now the file is available to select in the DLP Console (Reference Archive on Enforce Server). I created a policy and some rules and tested it; unfortunately the disclaimers weren't caught. I'm nearly sure that the reason is in Manage/Data Profiles/Indexed Documents: the 3rd column (Documents) is showing 0. As I'm guessing, it is treating it as if no documents have been recognized in the zipped files. Correct me if I am wrong, but if not, do you know how to fix it?



  • 4.  RE: DLP - Indexed Documents (IDM)

    Trusted Advisor
    Posted Jun 05, 2017 05:50 PM

    I would try to do this the right way instead of hacking it.

    Create a zip file with 10+ files (Docs, PDFs, not Excel or comma files)

    Upload that to the IDM profile. Make sure to check the box to "Create Profile on Save"

    Create a policy then to detect against that IDM and set the % to a low number (5 or 10%)

    Then create an incident by copying a bunch of lines from one of the files and putting them in an email or copying a portion of the file to USB.

    Good Luck, Ronak.
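
    A pre-upload check of a document archive against the advice given in this thread, as an added example that is not part of any post and not Symantec tooling. The thresholds, function names and sample file names are assumptions built from the replies above (10+ files, no Excel or comma files, no non-ASCII filenames), not documented product limits.

```python
import io
import os
import zipfile

# Thresholds below come from the advice in this thread, not from Symantec
# documentation; adjust them to what the Administration Guide specifies.
MIN_DOCUMENTS = 10
DISCOURAGED_EXT = {".csv", ".xls", ".xlsx"}  # "Excel or comma files"

def check_idm_archive(data):
    """Return a list of findings for a candidate IDM document archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid zip archive"]
    findings = []
    with zf:
        docs = [i for i in zf.infolist() if not i.is_dir()]
    for info in docs:
        name = info.filename
        if not name.isascii():
            findings.append(f"non-ASCII filename: {name!r}")
        if os.path.splitext(name)[1].lower() in DISCOURAGED_EXT:
            findings.append(f"structured-data file, better suited to EDM: {name!r}")
        if info.file_size == 0:
            findings.append(f"empty file, nothing to index: {name!r}")
    if len(docs) < MIN_DOCUMENTS:
        findings.append(f"only {len(docs)} document(s), thread suggests {MIN_DOCUMENTS}+")
    return findings

def build_sample(names):
    """Build an in-memory zip of constructed sample files for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "constructed sample text\n")
    return buf.getvalue()

if __name__ == "__main__":
    weak = build_sample(["words.csv", "umowa_\u0142.pdf"])
    for finding in check_idm_archive(weak):
        print("FINDING:", finding)
    good = build_sample([f"disclaimer_{i}.docx" for i in range(10)])
    print("good archive findings:", check_idm_archive(good))
```

    An empty findings list only means the archive matches the thread's advice; the Documents count in the profile is still the authoritative result of indexing.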