Use the Evaluate Policy feature to upload a sample data file to quickly fine-tune your DLP policies as you build them to make sure they detect the correct incidents. The policy does not need to be activated to be evaluated. This data is not stored in MVISION Cloud and is deleted when you are finished using the feature.
For example, if you created a policy to detect credit card numbers and keywords, you could upload a sample file that included credit card numbers and keywords such as Visa, Amex, and credit card. When you run the test, the results display the incidents that your policy will discover. The results displayed are the same as what you would see on the Policy Incidents page.
This feature tests your policy to see if the correct incidents are detected based on the rules defined. For example, if you set your Match Count to 4, but there were only 3 matches in your sample data file, the results would show 0 Violations Found, because it does not match your policy specifications.
Evaluate Policy only supports content-based rules, including:
- Custom Data Identifier
- Data Identifier
- Regular Expression
To evaluate a policy:
- Go to Policy > DLP Policies.
- Select the policy you want to evaluate.
- Click Actions > Evaluate Policy.
- Click Upload to browse and upload your file of sample data to test your policy against.
- Click Run... to select the number of times to run the test. (Evaluating the policy multiple times results in more accurate average runtimes, to show how long it takes to extract files.)
- Click Evaluate.
- The Evaluation Results are displayed, including metrics such as the runtime, file size, total extraction time, and the content matches found, depending on your policy.
- Click Done to delete all sample data.