cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 9
Report Inappropriate Content
Message 1 of 6

Use dictionary score value to reduce false positive

Jump to solution

Hello,

I have in other DLP products been able to use the "score" value from a dictionary to trigger a policy only when the score meets a threshold. I cannot figure out how to do this in McAfee DLP.

 

For instance I have a term such as: "Really sensitive" and I have a standard email footer such as "this email may contain really sensitive stuff..."

I would like to make the dictionary entries like this:

--really sensitive [score 1]

--this email may contain really sensitive stuff [score -1]

 

These would effectively cancel each other out and if there are no other found terms, the score would be zero.

 

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Use dictionary score value to reduce false positive

Jump to solution

Hi @ISmith ,

You have options for specifying threshold as well to match the score. However threshold cannot be zero. So if the score is zero, DLP cannot trigger the Incidents, if the score values sums up to 1 then for threshold value 1 an Incident would be triggered.

thresholg.PNG

 

Thank you.

Regards,
Jithendran S
McAfee Employee

View solution in original post

5 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Use dictionary score value to reduce false positive

Jump to solution

Hi @ISmith ,

Thank you for writing in here.

You can do this with Dictionaries under classification in McAfee DLP.

dict1.PNG

 

dict2.PNG

dict3.PNG

 

Check this out and update us.

 

Thank you.

Regards,
Jithendran S
McAfee Employee
Highlighted
Level 9
Report Inappropriate Content
Message 3 of 6

Re: Use dictionary score value to reduce false positive

Jump to solution

I already have this configured as you describe.

What I do not have is a way to have the score trigger a DLP policy only if it is above 0.

For instance, these operators apply to the dictionary: (one of, all of, or none).

madlp-dictops1.PNG

There is no option available to match on the score. i.e. where dictionary score is (greater, less, equal to) "X"

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Use dictionary score value to reduce false positive

Jump to solution

Hi @ISmith ,

You have options for specifying threshold as well to match the score. However threshold cannot be zero. So if the score is zero, DLP cannot trigger the Incidents, if the score values sums up to 1 then for threshold value 1 an Incident would be triggered.

thresholg.PNG

 

Thank you.

Regards,
Jithendran S
McAfee Employee

View solution in original post

Highlighted
Level 9
Report Inappropriate Content
Message 5 of 6

Re: Use dictionary score value to reduce false positive

Jump to solution

Thank you. That's what I needed. I have had this created so long that I didn't remember that being there.

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Use dictionary score value to reduce false positive

Jump to solution

Hi @ISmith ,

You are welcome 🙂 we are here to help! 

Stay safe and careful!

 

Thank you

Regards,
Jithendran S
McAfee Employee
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community