Hi,
We have the following situations:
1. we have certain IBANs we want to exclude from raising alerts based on a common property e.g. they contain a certain string. So we do have a policy based on the IBAN East data identifier. It an IBAN identified by the data identifier contains a string like "TEST" we would want that IBAN to not be a match on the policy.
2. we have a list IBANs that are not PII and thus should not be counted as a match when come upon.
What we have tried so far:
For 1: inside the policy we created exceptions based on regular expressions but then, if an IBAN with the "TEST" string is inside the message among other IBANs that interest us, the whole message is discarded, behaviour that is not wanted. We want to still raise incidents if the message contains IBANs but just disregard the ones containing the "TEST" string.
For 2: inside the policy we created an exception on matched components only with condition on keywords (so basically a list). The problem is that if any one of those IBANs are inside a message, again, the whole message is disregarded.
If there are questions about the described scenarios/our intentions, I will try to clarify them.
Any ideas how we could solve our two problems ?
Kind regards,
Dragos