About Sanctioned DLP Policy Rules and Rule Groups
The Sanctioned DLP Policy Rules section defines the match criteria for a policy violation. Several different types of rules can be combined using Boolean logic. Boolean logic is supported through Rule Groups. All rules in a group are logically combined with an AND operator. All rules must match within the group. Multiple Rule Groups can be named, defined, and combined logically with an OR operator. This means any group within a policy must match the policy to be triggered.
IMPORTANT: Skyhigh Security does not support importing or exporting policies or policy templates that include more than 50 rule groups or that exceed 64 KB in size, whichever limit is reached earlier.
Rule Groups are assigned by Severity: Warning, Info, Minor, Major, or Critical. This allows you to conditionally execute different response actions based on the triggered Rule Group.
IMPORTANT: When you create DLP policy or add exceptions, if you add certain reserved SQL keywords, such as "Select", "Update", or "Delete", they appear with the first letter masked, as "#elect", "#pdate", or "#elete." This is a security feature of the GWT framework in Java. The workaround is to add the file name to a Policy Dictionary and add the dictionary as an exception rule.
Several Rule types can be added to a policy, including:
- Evaluate Policy Rules
- Classification Label Rules
- Collaboration Rules
- Data Identifier Rules
- File Name Rules
- File Path/Folder ID Rules
- File Size Rules
- File Type Rules
- Keyword Rules
- Regular Expression Rules
- Structured Data Fingerprint Rules
- Unstructured Data Fingerprint Rules
- SharePoint Setting Rules
NOTE: From the SSE 6.5.2 release, the Structured Data Fingerprint and Unstructured Data Fingerprint are available to users who have already defined DLP policies using these rules. It will not be available to other users.