Use classifications in your Shadow/Web DLP Policies to identify sensitive data. A range of built-in classifications are provided for complying with various regulations, or you can create custom classifications, using criteria such as keywords, regular expressions, file type, and more.
For more information on Classifications, see Identifying sensitive data with classifications.
- Go to Policy > DLP Policies > Classifications.
- To create a new Category, from the Classifications menu, select Create Category. Otherwise, select the Category where you would like to add your custom Classification.
- In the Custom Classifications dialog, click Create.
- Under Conditions, select Criteria from the list. For this example, select Keywords.
- Advanced Pattern. An Advanced Pattern is a combination of letters, numbers, and symbols. An example would be a Credit Card Number. Set a threshold to reduce false positives by editing the number.
- Dictionary. Dictionaries are a collection of keywords. Set a threshold to reduce false positives by editing the number. Use McAfee maintained Dictionaries or create your own.
- Keywords. Enter keywords, separated by a comma. Any match will count as a detection. Keywords are not reusable in any other classification. We recommend using a Dictionary for this.
- File Size. Specify the minimum or maximum size of the files you are interested in. ‘Between’ allows you to define a range. Choose from:
- is less than
- is greater than
- is between
- True File Type. The True File Type is the actual file type (specified in the file header). For example, the file might be called document.pdf, but the True File Type is an executable. All True File Type definitions in this catalog are maintained by McAfee. You cannot add or edit any of these. Use the property File Extension for customization.
- File Extension. File Extensions are characters attached to a file name indicating the file format. Use the property True File Type to use the actual file type (specified in the file header). For example, the file might be called document.pdf but the True File Type is an executable.
- Location in File. This feature is used to determine a match in the a specific file location. Limit the detection to the first number of characters of any given file. The document sections header, footer, or body apply to Word or PowerPoint documents. In PowerPoint, it identifies WordArt as header. For all other documents, matches are only found in the body of the text. Select from:
- within the first characters
- Enter the Keywords separated by commas: Confidential, Sensitive, Secret.
- Click Save.
The Custom Classification is added to your Category. You may use it to create Shadow/Web DLP Policies.