Creating exact match data pattern
An Exact Match pattern allows you to upload a tokenized CSV file and scan your data-at-rest for exact matches against the data in the uploaded file. You can create an Exact Match pattern in a similar way to creating a Simple or Advanced pattern.
Note: Forcepoint ONE SSE Exact Data Match supports non-ASCII characters, but the file needs to be encoded as Unicode or UTF-8.
Steps
- Navigate to Protect > Objects > DLP Objects.
- Click the green plus icon and select Exact Match to create the data pattern.
- On the General tab, type a name and description for the pattern and then click the Match Criteria tab.
- On the Match Criteria tab, configure the Column Names in order, separated by commas and without spaces.
  Once you have clicked Apply, the DLP Patterns dialog will display more options and the Column Names will no longer be editable.
  Note: The RecordID is a mandatory field, but it is not a field that is matched on. It represents a row identifier for Forcepoint ONE SSE logging purposes. If you have columns for user identifiers (such as Social Security Numbers), you will have to input that column name separately.
- Now you can download the Data Hasher to tokenize your data.
  The Data Hasher downloads as a zip file containing the Python scripts you need to run to tokenize the data and ready it for upload.
  - On Windows and Mac machines, Docker must be running. To install Docker, follow the instructions in the Docker file that you download. The included Dockerfile will install the right environment for you and execute the tokenizer in that environment.
  - On Ubuntu, follow the instructions in the README.txt file. Docker is not required, but Python 2.7.x is needed.
  Note: Check the README file in the Data Hasher package for compatibility information.
- Once you have tokenized your data, you can choose to manually update the file.
- Finally, select the Match Criteria: either a Simple Pattern or a Custom Pattern.
  - Simple: An exact match is registered if at least X columns match, where X is the value you select in the dropdown.
  - Custom: You can set customized logical conditions for the definition of an exact match incident.
  Note:
  - Document size cannot exceed 2GB.
  - Forcepoint ONE SSE will support up to 1500 matches when scanning data for DLP pattern matches.
- To save the data pattern, click OK.
- (Optional) Click the Test Pattern tab to verify that the pattern was configured properly.
  - Either enter text or upload a file to see whether your pattern was configured properly.
  - To run the test on your example, click Test.
  A verdict is also displayed at the bottom of the dialog, indicating whether or not the content successfully matches the pattern.
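
A pre-flight check for the source CSV before it is tokenized, covering the constraints stated above (UTF-8 encoding, Column Names without spaces, mandatory RecordID, 2GB limit). This is an added example written for Python 3, not part of the Forcepoint Data Hasher; the function names, the RecordID uniqueness check and the sample rows are assumptions made for illustration, and only the UTF-8 case of the encoding note is checked.

```python
import csv
import io

MAX_BYTES = 2 * 1024**3  # page limit: document size cannot exceed 2GB


def check_column_names(column_names):
    """Validate the string typed into the Column Names field."""
    cols = column_names.split(",")
    problems = []
    if any(" " in c for c in cols):
        problems.append("column names must not contain spaces")
    if any(c == "" for c in cols):
        problems.append("empty column name")
    if len(set(cols)) != len(cols):
        problems.append("duplicate column name")
    if "RecordID" not in cols:
        problems.append("mandatory RecordID column is missing")
    return cols, problems


def check_source(raw, column_names):
    """Return a list of problems found in the raw (untokenized) CSV bytes."""
    cols, problems = check_column_names(column_names)
    if len(raw) > MAX_BYTES:
        problems.append("file exceeds 2GB")
    try:
        text = raw.decode("utf-8-sig")  # accepts UTF-8 with or without a BOM
    except UnicodeDecodeError as exc:
        return problems + [f"not valid UTF-8 (first bad byte at offset {exc.start})"]
    rid = cols.index("RecordID") if "RecordID" in cols else None
    seen = set()
    for n, row in enumerate(csv.reader(io.StringIO(text, newline="")), 1):
        if len(row) != len(cols):
            problems.append(f"row {n}: {len(row)} fields, expected {len(cols)}")
        elif rid is not None:
            # Assumption: a row identifier used for logging should be unique.
            if row[rid] in seen:
                problems.append(f"row {n}: duplicate RecordID {row[rid]!r}")
            seen.add(row[rid])
    return problems


# Constructed sample data; the names and numbers are made up.
COLUMNS = "RecordID,Name,SSN"
GOOD = "1,Ana Núñez,000-00-0001\n2,Bo Li,000-00-0002\n".encode("utf-8")
LATIN1 = "1,Ana Núñez,000-00-0001\n".encode("latin-1")
BROKEN = b"1,Ana,000-00-0001\n1,Bo\n1,Cy,000-00-0003\n"

if __name__ == "__main__":
    for label, data in (("good", GOOD), ("latin-1", LATIN1), ("broken", BROKEN)):
        print(label, check_source(data, COLUMNS))
```

The problem messages report only row numbers and RecordID values, so the output can be shared without exposing the sensitive columns.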