Custom policies

In the wizard for custom policies:

Steps

  1. On the General tab, enter a unique Policy name and a Description of the policy.
  2. Mark Enabled to activate the policy.
  3. By default, no Policy owners are included in the policy. To define policy owners, click Edit, then:
    1. Select the type of accounts to Display (Administrators, by default).
    2. Select one or more accounts from the list on the left, then click the right arrow to move them to the Selected list. Accounts in this list are considered policy owners, and are notified in the event of a policy breach.
    3. Click OK.
  4. Indicate whether to Use the policy name for the rule name (default) or Use a custom name for the rule.

    If you select the custom name option, enter a custom Rule name and, optionally, a Description.

  5. Click Next.
  6. Use the Condition tab, specify whether this rule monitors specific data or all activities, and whether the data is monitored in all parts of the transaction as a whole or each part of the transaction separately.
  7. Click Add to add one of the following content classifiers or attributes to the condition you are creating:
    • Patterns & phrases: Follow the Select a Content Classifier wizard and choose one from the list of existing classifiers or build your own. Toggle between the General and Properties tabs to complete the information and click OK. See Patterns & Phrases section, for details.
    • File Properties: Select file properties to add to this policy. Click OK. See File properties section, for details.
    • Fingerprint: Select the fingerprint classifier to use for this policy. Click OK. See Fingerprint section, for details.

    Select a Content Classifier and click Remove to not include it in the condition you are defining.

  8. Select an answer for the question: When do you want to trigger the rule?
    • All conditions are matched
    • At least one condition is matched
    • Custom

      After selecting custom, use the options on the right to complete the condition description.

  9. Click Next to define the Severity & Action for incidents that match this rule and to specify the action plan to be taken. Click Advanced to further specify the severity according to the number of matched conditions.
  10. Click Next to complete the wizard.
  11. Click Finish to create the new rule and add it to the policy.

Next steps

The process of adding rules and exceptions to discovery policies is the same as for DLP policies. See Managing rules section, and Managing exceptions section, for instructions.