Properties tab

Define the threshold for matches and the fields to search for the classifier.

Steps

  1. Set the Threshold that determines the number of matches that trigger an incident:
    • Use At least to select the minimum number of matches that must be made (1-999).
    • Use Between to select an exact range of matches (1-999).
    • Use No match exists to trigger the rule if there are no matches.
  2. Define how the threshold numbers are calculated:
    • Count only unique matches. Note that case differences are counted separately for word-related classifiers. For example, word, Word, and WORD would return 3 matches when this option is selected.
    • Count all matches, even duplicates.
  3. Click Analyze Fields to view and select the fields to search for this classifier.
    • Select Search all available fields to search content fields that pose the highest risk of a policy breach. The fields are searched for the key phrases, regular expressions, dictionary terms, or fingerprints you specify. This is the default.
    • Select Search specific fields to identify one or more fields to search. The fields apply mainly to the email destination channel.
    Field            Description
    File/attachment  Search files or attachments for each chosen destination channel.
    File metadata    Search the metadata of files or attachments.
    Subject          Search only the subject line of messages.
    Body             Search only the main body of a message.
    From             Search only the From field of a message.
    To               Search only the To field of a message (email only).
    Cc               Search only the carbon copy field of a message (email only).
    Bcc              Search only the blind carbon copy field of a message (email only).
    Other header     Search in headers that are not covered by the above options:

    • Search in All headers not covered in the above options. Includes all standard headers—Date, Message-ID, or Importance—as well as non-standard headers (x-headers, including x-mailer, x-spam-reason, and x-origin-ip) added during the sending of an email.
    • Search in User-defined header. Some organizations define x-headers to add custom information to the email message header. For example, they might create an x-header such as “X-MyCompany: Copyright 2017 MyCompany”.

    After selecting this option, enter the header name.
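
The following Python sketch is an added illustration, not the product's implementation. It shows how the threshold modes, the unique/all counting option, and the field scopes interact on a constructed email. The function names, the `header:` prefix for a user-defined header, case-insensitive matching, and the inclusive bounds for Between are assumptions made for the example.

```python
import re
from email import message_from_string

# Constructed sample message (not taken from the product documentation).
SAMPLE = """\
From: alice@example.com
To: bob@example.net
Subject: Project word list
X-MyCompany: Copyright 2017 MyCompany
X-Mailer: DemoMailer 1.0

word Word WORD word
"""

NAMED = {"from", "to", "cc", "bcc", "subject"}  # headers with their own field

def field_text(msg, field):
    """Return the text searched for one field scope (hypothetical helper)."""
    if field == "Body":
        return msg.get_payload()
    if field == "Other header":  # every header not covered by a named field
        return "\n".join(v for k, v in msg.items() if k.lower() not in NAMED)
    if field.startswith("header:"):  # user-defined header, e.g. header:X-MyCompany
        return msg.get(field.split(":", 1)[1], "")
    return msg.get(field, "")

def count_matches(msg, pattern, fields, unique):
    """Count matches in the chosen fields, unique only or including duplicates."""
    hits = []
    for f in fields:
        hits += re.findall(pattern, field_text(msg, f), re.IGNORECASE)
    # Unique counting keeps case variants apart: word, Word, WORD are 3 matches.
    return len(set(hits)) if unique else len(hits)

def triggers(count, mode, low=1, high=999):
    """Evaluate a threshold mode; Between is assumed to be inclusive."""
    if mode == "at_least":
        return count >= low
    if mode == "between":
        return low <= count <= high
    if mode == "no_match":
        return count == 0
    raise ValueError(f"unknown threshold mode: {mode}")

MSG = message_from_string(SAMPLE)
```

With the sample body, an At least 4 threshold triggers when all matches are counted but not when only unique matches are counted, which is the practical difference between the two counting options.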