We have DLP set to BLOCK any emails (unless they give a justification) with SSN numbers. ZOOM urls have 9 digit SSN's so its making users justify when sending out a zoom url. Is it possible to whitelist for example https://zoom.us/j/123456789
Can i make it so that DLP allows when it sees https://zoom.us/j/XXXXXXXXX even if its a valid SSN?
I am sure there is some sort of regex to create but i have no idea how to do that, help please!
In SSN defination, try creating an ignore regex expression where something begins with the URL, that you want to ignore.
ePO Menu> Data Protection> Classification> Advanced Pattern>Edit the regex (if it is default, duplicate it and then edit)> Ignore Exressions
Should I create a KEYWORD or REGEX ignore expression? See image below.
If i go with KEYWORD, should I type this in "https://zoom.us/" so that the justification rule bypasses the 9 digit SSN associated with the URL?
If i go with REGEX, should I type this in "https://zoom.us/" so that the justification rule bypasses the 9 digit SSN associated with the URL?
There are a few options to limit false positives.
You could you user based policies and whitelist those users that are performing this particular task.
A second option would be to create a proximity filter. For example, in EPO under Menu, Data Protection, Classification. You can create a new classification. One new classification has been created, click the actions tab and select, "new content classification"
Name the classification and then select the proximity tab. Complete the dropdowns with desired keyword and advanced pattern and set the proximity to the desired number of characters.
Then apply the newly created classification to the desired data protection policy.