generally MWG has all the required tools on board, we have archive openers, document openers, can extract text, check inside POSTS, even in SSL, etc.
The thing we don't have is simply a lexicon/template that contains stuff like special phrases for HIPAA, PCI, SOX and the like.
What you can do is creating a rule that will match extracted text against a list. You need to have the composite opener enabled.
If Media.Type ensured matches at least one in list
Body.Text matches in list
This was tested with MS Office Documents.
Attaching a rule.
DLP.xml 7.8 K
Very explicative and exaustive..
I've done my custom policy for DLP!
How can i import the dictionary of HIPAA, SOX, Etc, from "Email and Web Security 5.6 Appliances", if another McAfee products has the lexicon/templates, why not import to mwg?
the best answer would be 'please be patient'. For more info, contact me per PM on the this forum.
I am testing DLP Capabilities in Webgateway 7.2 and I`ve got some questions. May be someone can help me with them?
1.Using the criterion DLP.Dictionary.BodyText.Matched <TEST Dictionary> for blocking it is necessary that all the terms of the dictionary (TEST Dictionary) have been in the POST message. How to set up the rule so that the presence of any term from the dictionary should perform blocking?
2. How to receive reports on the Users for which the block was performed according to DLP politicies?
Thanks in advance.
When you're using DLP.Dictionary property, it will match if any of the specified terms is present in the Body.Text property. But don't forget to enable Composite Openers before using any of property that use Body.Text
Regarding reporting, I think, that you can write al necessary data into log file and then analyze it
Yes, this is by design - the DLP in MWG 7.2 is working following way:
- You create your own dictionary or select classifications from lists
- You create rule "DLP.XXXX.Matched equal true" and this rule will be fired when DLP Engine will find something from selected classifications or your dictionary
- If value of DLP.XXXX.Matched is true, then properties "DLP.XXXX.MatchedTerms" and "DLP.Classification.XXXX.MatchedClassifications" will be filled with information about matched data - you can use information from these properties for logging