Data Loss Prevention

 View Only

  • 1.  Excluding certian IBANs from alerting

    Posted Oct 13, 2017 10:39 AM

    Hi,

    We have the following situations:

    1. we have certain IBANs we want to exclude from raising alerts based on a common property e.g. they contain a certain string. So we do have a policy based on the IBAN East data identifier. It an IBAN identified by the data identifier contains a string like "TEST" we would want that IBAN to not be a match on the policy.

    2. we have a list IBANs that are not PII and thus should not be counted as a match when come upon.

    What we have tried so far:

    For 1: inside the policy we created exceptions based on regular expressions but then, if an IBAN with the "TEST" string is inside the message among other IBANs that interest us, the whole message is discarded, behaviour that is not wanted. We want to still raise incidents if the message contains IBANs but just disregard the ones containing the "TEST" string.

    For 2: inside the policy we created an exception on matched components only with condition on keywords (so basically a list). The problem is that if any one of those IBANs are inside a message, again, the whole message is disregarded.

    If there are questions about the described scenarios/our intentions, I will try to clarify them.

    Any ideas how we could solve our two problems ?

    Kind regards,

    Dragos



  • 2.  RE: Excluding certian IBANs from alerting

    Posted Oct 18, 2017 01:49 AM

    anyone ?



  • 3.  RE: Excluding certian IBANs from alerting

    Posted Oct 18, 2017 06:59 AM

    Afternoon,

    If you are using the built in Data Identifiers for IBAN West, East, Central add an additional rule called exclude exact match to the Data Identifier which explicitly excludes the IBAN's you are after. That works fine for us where we want to alert on IBAN's but not Corporate Owned IBAN's (which are on the bottom of all bills)

    Kind Regards,

    Jeremy MacMull

    Please mark this as a sotution if this has solved your problem.



  • 4.  RE: Excluding certian IBANs from alerting

    Posted Oct 19, 2017 07:20 AM

    Hi JeremyMacMull and thanks for your answer !

    The information you provided is exactly what we were looking for in respect to the 2nd point.

    But regarding the first point, namely excluding IBANs containing a certain string inside them we are still looking for a solution.

    Kind regards,

    Dragos



  • 5.  RE: Excluding certian IBANs from alerting

    Trusted Advisor
    Posted Oct 20, 2017 08:43 PM

    hi

     Create your own data identifier by copying the one you are currently using and then add validator "Exclude exact match" to exclude your corporate IBAN.

    (you could also use some other validators available in solution or define your own using a script)

     

     regards



  • 6.  RE: Excluding certian IBANs from alerting

    Posted Oct 24, 2017 07:19 AM

    Hi stephane.fichet and thanks for your answer !

    Regarding exact matches, I understood this from JeremyMacMull's answer, now point 1 from my initial question remains open. Unfortuately I don't think duplicating a built-in data identifier is possible (or at least I could not find that option).

    Kind regards,
    Dragos