Configuring web DLP policy attributes
Use the Attributes tab of the Forcepoint Security Manager to select one or more web attributes to include in the policy.
page in the Data Security module of theTo include an attribute:
- Select the attribute from the Attributes list.
- Mark the Enabled check box in the right pane.
Properties that apply to the attribute are listed under the check box.
- Modify the attribute properties as needed, including:
- The default severity (low, medium, or high)
- What action to take when a breach is detected (for example, block). Actions are described in Adding or editing an action plan section.
The available properties for each attribute are described in the table below.
Repeat this procedure for each attribute that you want to include. When the system detects a match for an attribute, it triggers the policy.
To send notifications when there is a violation related to a specific attribute, mark the Send the following notification check box.
- To configure who receives notifications, click the notification name (“Web policy violation”), then define the mail server, email subject, and message body, as well as other required properties.
- Policy owners receive notifications by default. See Configuring the Web DLP Policy section for more information.
Field | Description |
---|---|
Post size |
Disabled by default. Select the minimum size of web posts to monitor. The default is 10 KB (that is, posts 10 KB and above in size are monitored). Default severity: low. Available actions: block (default), permit. |
Regulatory & Compliance |
Enabled by default. Select the regulatory and compliance rules to enforce. These are applied to all selected regions. (If no regions are selected, an error is displayed. Click Select regions to address the issue.)
After selecting a category, click its name to view or edit the specific policies to enforce. Applying specific policies improves performance and reduces resource consumption. Select a sensitivity for each policy.
Default severity: high. Available actions: block (default), permit. |
Data theft |
Disabled by default. The system protects against content being posted to the Web after your computer is infected. This complements Forcepoint Web Security, which protects against infected content downloaded from the Web. Select the type of data to search for in outbound transactions. When sent outside your network, this data can indicate a serious vulnerability.
Select a sensitivity for each policy. Sensitivity levels are described in more detail in the Regulatory & Compliance section, above. Note:The selected number of policies and their sensitivity levels affect performance. Default severity: high. Available actions: block (default), permit. |
Name of uploaded file |
Disabled by default. One by one, enter the names of the exact files that should be monitored when they’re posted or uploaded to the Web. Include the file name and extension. Click Add after each entry. For example, after adding a file named confidential.docx, when a user attempts to post a file with that name, the system detects it and takes the configured action. The system can detect files even when they’ve been compressed into an archive, such as a .zip file. Default severity: low. Available actions: block (default), permit. |
Type of uploaded file |
Disabled by default. Click Add to specify the types of files that should be monitored when posted or uploaded to the Web, for example Microsoft Excel files. Next, select the type or types of files to monitor. If there are more file types than can appear on the page, sort the columns or enter search criteria for find file types. If the file type does not exist, specify exact files of this type using the Name of uploaded file attribute instead. Default severity: low. Available actions: block (default), permit. |
Patterns & phrases |
Enabled by default. Click Add to define key phrases or regular expression (regex) patterns that should be monitored. On the resulting dialog box, enter the precise phrase (for example “Internal Only”) or regex pattern (for example ~ m/H.?e/) to include. Select how many phrase matches must be made for the policy to trigger. The default number of matches is 1. Default severity: medium. Available actions: block (default), permit. Note:Although you do not define whether to search only for unique strings, the system uses the following defaults:
|