McAfee Enterprise MVISION Cloud

Create a Sanctioned DLP Policy

To protect your data, create a Sanctioned Data Loss Prevention (DLP) policy using the Policy Wizard.

A Data Loss Prevention (DLP) policy defines the criteria for generating an incident and optionally sets specific actions that are triggered in response to the detected incident. Use the following procedure to create or edit a DLP policy for any Skyhigh CASB sanctioned cloud service provider. You can apply a single DLP policy to multiple services, so long as they all support the rules and responses in the policy.

Once you create your DLP policy, it is enabled by default. 

IMPORTANT: Skyhigh CASB does not support importing or exporting policies or policy templates that include more than 50 rule groups or that exceed 64 KB in size, whichever limit is reached earlier.

To create or edit a DLP Policy:

  1. In Skyhigh CASB, go to Policy > DLP Policies.
  2. Click Actions > Sanctioned Policy > Create New Policy. (See Create a Policy from a Template for information about templates.)
  3. On the Description page, name the policy and describe its status and scope:
    1. Name. Enter a descriptive name to help identify the policy.
    2. Description. (Optional) Enter a description for your DLP Policy. 
    3. Deployment Type. Select an integration method. Some user actions and response actions depend on the Type you choose. Choose from:
      • API
      • Lightning Link
      • Reverse Proxy
    4. Services. Click Select Service Instances, then select the instances you want the policy to apply to from the list.
    5. Click Done
    6. Users. Click Edit to select one of the options for Users to Include in the policy. 
      • All Users. Apply the policy to all users.  
      • Use a predefined dictionary. Apply the policy to users in a predefined dictionary. 
      • Manually enter users. Manually enter user emails in a list. Use a comma to separate email addresses. 
    7. Click Save
    8. Add Exclusions. Select any Users to Exclude from the policy.
      • None. Do not exclude any users from the policy. 
      • Use a predefined dictionary. Apply the policy to users in a predefined dictionary. 
      • Manually enter users. Manually enter user emails in a list. Use a comma to separate email addresses. 
    9. Click Save
    10. User Groups. If your tenant has User Data (Active Directory) configured, click Edit to select the User Groups to include in the policy. 
    11. Click Done
    12. Add Exclusions. Select any User Groups to exclude from the policy.
    13. Click Done
  4. Click Next
  5. On the Rules & Exceptions page, enter the following information:
    1. Rules. Specify the rules that the policy enforces. You can specify one or more rules or rule groups. You can also delete a rule group; deleting a rule group removes the rules it contains.
      When a rule is defined, the rule group name is generated automatically. You can edit the name of each rule group.
    2. Click AND to add another rule, if needed. 
    3. Click THEN to add a severity: Critical, Major, Minor, Warning, or Info. 
    4. For Create An Incident, from each option drop-down you can select:
      • Incident Status
      • Incident Owner
      • Resolution Action

        IMPORTANT: Because of the priority order, the DLP Policy Wizard does not support automatically setting the incident status and using Incident Consolidation at the same time. Use one feature or the other.
    5. Click New Rule Group to add more, if needed. 
    6. Click Add Exception. Add one or more exceptions, if needed. A DLP policy ignores any exception group within the policy. An exception group is ignored when ALL exceptions within the group match.
    7. Click Add Exception Group to add more. 
    8. Click Next
  6. On the Response page:
    1. Response.  Select one or more response actions that are triggered when the policy rules are matched. By default, all DLP policies create an incident.
    2. Click Done.
    3. Click Next
  7. Click Save