Data Loss Prevention

 View Only

  • 1.  How do I disregard non-SSN 9 digits

    Posted Jan 12, 2018 08:04 AM

    Situation: I'm blocking email transmission if content matches positive for an SSN EDP (DLP 14.6).

    Problem: 123,456,789 and 123456789 and 123-45-6789 will all match as SSNs.

    Any solutions? I don't want to create "holes" I just want to explore possible options. I wish I could perform Rules or Exceptions explicitly on the matched results of Rules or Exceptions.



  • 2.  RE: How do I disregard non-SSN 9 digits
    Best Answer

    Trusted Advisor
    Posted Jan 15, 2018 03:40 PM

    You should make sure to use the SSN DI in narrow breadth, that way it needs a keyword.

    Also you can update the SSN DI to the following.. it will get rid of false positives with websites and other False Positives.

    SSN Regex:
    I have updated the REGEX's in the Data Identifier for the SSN's so that it will NOT match an '&' at the end of a 9 digit number. so the regex looks like this now -- /d{9}[^&]

    You can take the same approach when it comes to the zip code matching, to where it HAS to have a blank after the 9 digit number. - \d{9}\s

    This is also another option to REQUIRE the beginning of a 'word'' and then a 9 digit number with a space at the end of it. - \b\d{9}\s

     

    Try these out.. 

    Good luck,

     

    Ronak

    PLEASEMARKED SOLVED WHEN POSSIBLE