Create a Fingerprint
You can create and use fingerprints for structured data or unstructured data. Structured, or Exact Data Matching (EDM) fingerprints, allow you to monitor your organization's documents in a row and column format typically extracted from a database in CSV format. Unstructured or Index Document Matching (IDM) fingerprints work by content-matching indexed documents and images. Once your data is fingerprinted, and you generate an index file, you can add a DLP Policy rule to leverage that indexed data.
Create Structured Fingerprint
To create a Structured Fingerprint, select the required options:
Create Legacy Fingerprint
Create a Structured Data Fingerprint (Legacy Fingerprint) for data in CSV format. These fingerprints are evaluated per DLP policy to match against sensitive content in the cloud. You can only use Legacy Fingerprints with Skyhigh CASB.
- Go to Policy > DLP Policies > Fingerprints.
- On the Fingerprints page, go to Create Fingerprint > Structured Fingerprint > Create Fingerprint.
Create a Structured Fingerprint page provides the following information:
- Fingerprint Name. Enter a name for the Legacy Fingerprint.
- Source File. Enter the path to the source file that holds the data you want to fingerprint. For example:
- Unix. file://localhost/etc/folderA/file.csv
- Unix. file:///folder/fileNameWithoutExtension
- Windows. file:///c:/WINDOWS/file.csv
- Windows. file:///WINDOWS/file.csv
- Windows. file://localhost/WINDOWS/file.csv
- Location to store generated hashes. Enter the path to the folder where your locally generated hashed files are stored. Space allocated for this should be about 10–20% of the size of data to be fingerprinted. For example:
- Unix. file://localhost/etc/folderA
- Unix. file:///etc/folderB
- Windows. file:///c:/WINDOWS/file.doc
- Windows. file:///WINDOWS/file.doc
- Windows. file://localhost/WINDOWS/file.doc
- Column Separator. Select the delimiter that separates the columns of your source file: either Comma, Tab, or Pipe.
- First row of file contains column names. Activate this checkbox if the first row of your source file contains column names.
- Column. If the field names aren't automatically detected:
- Enter the first Field Name for your source file.
- Then select the Field Type from the menu. Selections include:
- Alphabetic. Alphabetic characters.
- Number. Numbers supported with decimals.
- Alphanumeric. Alphanumeric characters.
- Zip Code. ##### or #####-####
- Email. LOCAL_SUBPART ('.' LOCAL_SUBPART)* '@' DOMAIN_SUBPART ('.' DOMAIN_SUBPART)*;
- Date. ##/##/#### or ##-##-####
- Phone. (###)###-#### or ###-###-####
- Credit Card Number. CCNs formatted with decimals, spaces, or underscores, separated by pipes or semicolons.
- Social Security Number. ###-##-####, or ### ## ####, or ###.##.###, separated by pipes or semicolons.
- Identifier. Letters and numbers with hyphens and decimals.
- Generic. Used for exact cell match.
- Do Not Index. Select this Field Type to mark the column as Do Not Index. (This option is available with DLP Integrator 4.1 and later.)
- Click + to add as many Columns as required.
- Click Save.
The new Legacy Fingerprint is created and appears on the Fingerprint page. You must now generate an index of the fingerprint to use it in a DLP Policy.
Create Enhanced Fingerprint
Create a Structured, or Exact Data Match (EDM) Enhanced Fingerprint for data in CSV format. You must then generate a structured index of the Fingerprint, and use it in a DLP policy to match against sensitive content to prevent sensitive information from leaving the organization. You can only use Enhanced Fingerprints with Web Gateway.
- Go to Policy > DLP Policies > Fingerprints.
- On the Fingerprints page, go to Create Fingerprint > Structured Fingerprint > Create Enhanced Fingerprint.
Create an Enhanced Fingerprint page provides the following information:
- Fingerprint Name. Enter a name for the Enhanced Fingerprint.
- Source File. Enter the path to the source file that holds the data you want to fingerprint. For example:
- Unix. file://localhost/etc/folderA/file.csv
- Unix. file:///folder/fileNameWithoutExtension
- Windows. file:///c:/WINDOWS/file.csv
- Windows. file:///WINDOWS/file.csv
- Windows. file://localhost/WINDOWS/file.csv
- Location to store generated hashes. Enter the path to the folder where your locally generated hashed files are stored. Space allocated for this should be about 10–20% of the size of data to be fingerprinted. For example:
- Unix. file://localhost/etc/folderA
- Unix. file:///etc/folderB
- Windows. file:///c:/WINDOWS/file.doc
- Windows. file:///WINDOWS/file.doc
- Windows. file://localhost/WINDOWS/file.doc
- Column Separator. Select the delimiter that separates the columns of your source file: either Comma, Tab, or Pipe.
- Click Save.
The new Enhanced Fingerprint is created and appears on the Fingerprint page. You must now generate an index of the fingerprint to use it in a DLP Policy.
Create an Unstructured Fingerprint
Create an Unstructured Data Fingerprint for files in one or more folders. These fingerprints are evaluated per DLP policy to match against sensitive content in the cloud.
- Go to Policy > DLP Policies > Fingerprints.
- On the Fingerprints page, go to Create Fingerprint > Unstructured Data Fingerprint > Create Fingerprint and select the type of fingerprint you wish to create:
- Create Fingerprint (Legacy).
- Create Enhanced Fingerprint.
NOTE: Only one Enhanced Fingerprint can be created. The option becomes grayed out when one is present.
Create Enhanced Fingerprint
Create an Unstructured Data Fingerprint for files in one or more folders. These fingerprints are evaluated per DLP policy to match against sensitive content in the cloud.
Go to Policy > DLP Policies > Fingerprints.
On the Fingerprints page, go to Create Fingerprint > Unstructured Data Fingerprint > Create Enhanced Fingerprint.
NOTE: Only one Enhanced Fingerprint can be created. The option becomes grayed out when one is present.
Create an Enhanced Fingerprint page provides the following information:
- Fingerprint Name. Enter a name for the Enhanced Fingerprint.
- Location to scan. Enter the path to the computer that holds the files you want to fingerprint. Click + to add more paths, if necessary. For example:
- Unix. file://localhost/etc/folderA
- Unix. file:///etc/folderB
- Windows. file:///c:/WINDOWS/file.doc
- Windows. file:///WINDOWS/file.doc
- Windows. file://localhost/WINDOWS/file.doc
- Select Classification. On the right, select the classification associated to the document(s) mentioned on "Location to scan".
- Ignored Text. Configure text to ignore when processing file content, such as boilerplate, legal disclaimers, and copyright information.
- Location to store generated hashes. Enter the path to the folder where your locally generated hashed files are stored. Space allocated for this should be about 10–20% of the size of input paths/folders. For example:
- Unix. file://localhost/etc/folderA
- Unix. file:///etc/folderB
- Windows. file:///c:/WINDOWS/file.doc
- Windows. file:///WINDOWS/file.doc
- Windows. file://localhost/WINDOWS/file.doc
-
File type exclusions. Enter any file types to be excluded. (Archive files such as ZIP files are not automatically excluded.)
Create Fingerprint (Legacy)
You can only use Legacy Fingerprints with Skyhigh CASB.
- Go to Policy > DLP Policies > Fingerprints.
- On the Fingerprints page, go to Create Fingerprint > Unstructured Data Fingerprint > Create Fingerprint.
Create an Unstructured Fingerprint page provides the following information:
- Fingerprint Name. Enter a name for the Unstructured Fingerprint.
- Location to scan. Enter the path to the computer that holds the files you want to fingerprint. Click + to add more paths, if necessary. For example:
- Unix. file://localhost/etc/folderA
- Unix. file:///etc/folderB
- Windows. file:///c:/WINDOWS/file.doc
- Windows. file:///WINDOWS/file.doc
- Windows. file://localhost/WINDOWS/file.doc
- Location to store generated hashes. Enter the path to the folder where your locally generated hashed files are stored. Space allocated for this should be about 10–20% of the size of input paths/folders. For example:
- Unix. file://localhost/etc/folderA
- Unix. file:///etc/folderB
- Windows. file:///c:/WINDOWS/file.doc
- Windows. file:///WINDOWS/file.doc
- Windows. file://localhost/WINDOWS/file.doc
- File type exclusions. Enter any file types to be excluded. (Archive files such as ZIP files are automatically excluded.)
- Click Save.
The new Unstructured Fingerprint is created and appears on the Fingerprint page. You must now generate an index of the fingerprint to use it in a DLP Policy.