Creating DLP Advanced Data Pattern by using hexlified value of file Mime type
Use the ContentTypeHexRe("<hexlified regex string>") in advanced pattern to match if the content type (mime type) of the file matches to the specified regex. The ContentTypeHexRe("<hexlified regex string>") accepts a hex encoded form of regular expression for mime types.
Steps
-
Find the Hexlify Value of the File Mime Type:
Using the mime type obtained in the previous step, you can now use the python online tool to get its hexlified value.
The following code is an example of how to get the hexlify value using the online python interpreter for application/pdf mime type:
import binascii print(binascii.hexlify(b'application/pdf')) Output returned = 6170706c69636174696f6e2f706466
You can replace application/pdf or "^application/" with the file mime type required to get the hexlified value.
The ContentTypeHexRe function and its value can be used in an Advanced Data Pattern to match against a particular mime-type as below:
Prototype: ContentTypeHexRe(<hex encoded regex pattern>)
Replace
<hex encoded regex pattern>with regex pattern encoded as a hexadecimal string.Example: ContentTypeHexRe("696d6167652f74657874")
The above function would return mime-types matching application/pdf.
-
Click the green plus icon and select Advanced to create the data pattern.
-
On the Match Criteria tab, enter the hexlify value for your mime type in Expression in
ContentTypeHexRe("xxxxxxxxxxxxxxx") format and save it.
-
Testing the pattern with a pdf file shows the example.pdf file successfully matched the DLP pattern.
