Fingerprint classifiers

Two types of fingerprint classifiers can be added: files or database records.

The Properties link for a database classifier opens a page with two tabs: General and Properties. Use the General tab for field selection and the Properties tab to define the threshold and email fields described above.

Database Fingerprint

For database records classifiers, the page displays table field (or column) names. Select the fields to scan (up to 32 per table).

For endpoints, the number of fields selected for a database fingerprinting classifier can affect accuracy. For the most accurate results, scan 3 or more fields.

  • If only one field is being scanned, set a minimum threshold of 5 to reduce the likelihood of unintended matches. (When an administrator attempts to set a lower threshold, the system changes it to 5.)
  • If 2 fields are scanned, set the minimum threshold to 3 or more. (Trigger an incident when 3 or more field1/field2 combinations are detected.)
Number of Fields    Minimum Threshold
1                   5
2                   3
3 or more           1
Note: If a condition applies to both network and endpoint resources, the threshold is changed for the endpoint only. Network resources retain the threshold you define on the Properties tab.
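
The following added example, which is not part of the product or its documentation, audits classifier definitions against the table and note above and reports where the endpoint threshold would differ from the network threshold. The tuple layout, function names and sample classifiers are hypothetical, and it assumes the automatic raise described for one field also applies to the two-field row.

```python
# Added illustration; the data layout and function names are hypothetical,
# not an export format or API of the DLP product.
MAX_FIELDS = 32  # page: up to 32 fields per table


def endpoint_minimum(field_count):
    """Minimum endpoint threshold from the page's table."""
    if field_count == 1:
        return 5
    if field_count == 2:
        return 3
    return 1


def audit_classifier(name, fields, threshold, channels):
    """Return effective thresholds per channel plus review findings."""
    if not 1 <= len(fields) <= MAX_FIELDS:
        raise ValueError(f"{name}: select 1 to {MAX_FIELDS} fields, got {len(fields)}")
    effective, findings = {}, []
    for channel in channels:
        if channel == "endpoint":
            # Assumption: the raise documented for one field also applies to
            # the two-field row of the table.
            effective[channel] = max(threshold, endpoint_minimum(len(fields)))
        else:
            effective[channel] = threshold  # network keeps the configured value
    if "endpoint" in channels and effective["endpoint"] != threshold:
        findings.append(f"endpoint threshold raised from {threshold} to {effective['endpoint']}")
        if "network" in channels:
            findings.append("network and endpoint trigger at different match counts")
    if "endpoint" in channels and len(fields) < 3:
        findings.append("fewer than 3 fields: reduced endpoint accuracy")
    return effective, findings


# Constructed sample classifiers: (name, fields, configured threshold, channels).
SAMPLES = [
    ("customers-ssn", ["ssn"], 1, ["network", "endpoint"]),
    ("payroll", ["emp_id", "salary"], 3, ["endpoint"]),
    ("patients", ["mrn", "dob", "last_name"], 1, ["network", "endpoint"]),
]

if __name__ == "__main__":
    for name, fields, threshold, channels in SAMPLES:
        print(name, *audit_classifier(name, fields, threshold, channels))
```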

For more information on creating fingerprint classifiers, see the Database fingerprinting section.

File Fingerprint

When configuring a fingerprinting classifier for DLP and Discovery policies, applicable to both rules and exceptions, you can modify the sensitivity level settings from the Condition tab. This feature ensures that the policies are aligned with the desired security parameters.

To select the sensitivity level of a fingerprinting classifier, complete the following steps.
  1. Navigate to Policy Management > DLP/Discovery Policies > Manage Policies > .
  2. Add a new rule or select an existing rule.
  3. On the Condition tab, click the hyperlink in Properties.

    The Edit Condition Line page opens.

    The Name of the content classifier and the Description are displayed.

  4. From the Sensitivity Level section, select the sensitivity level of the File Fingerprinting classifier from the following options.
    • Default
    • Narrow

      When the Narrow option is enabled, the Data Loss Prevention (DLP) algorithm modifies various indicators. Notably, it increases the minimum text volume required for file similarity reports, which consequently decreases the number of matches.

    Note: When the selected File Fingerprinting classifier is configured with the Exact Match method, the sensitivity level is fixed and cannot be modified. File similarity is consistently measured at 100%.
  5. Click OK.