
Skyhigh Security

Improved Match Highlighting with Data Identifiers

Match Highlighting

Match Highlighting displays an excerpt of a document when it includes content that violates a Data Loss Prevention policy. Incident response teams can view the text that contains the match for the DLP rule: surrounding text is included with the highlighted matches to help identify false positives. Match Highlighting provides the evidence for DLP incidents.

Incorporate Keywords when Paired with Data Identifier

When keywords are paired with a data identifier, the identified data is evaluated against the classifications in use.

With an OR condition, a match on any one classification is enough: only that classification is matched, and only that one classification name is shown under the keyword name. With an AND condition, both keywords must be present and both classifications must match.

As an example, for the OR condition:

If it matches 1, an incident is triggered.
If it matches 2, an incident is triggered.

The keywords you use in the content should match your classification.

In your Skyhigh CASB, go to Incidents > Policy > Incidents.

Select the Policy name and check details on the right side (2 classifications and 2 matches).


Example

You will need to create 2 classifications and assign them to a new policy.

In your Skyhigh CASB:

  1. Go to Policy > DLP Policies > Classifications.
  2. Create a new one. You will need to create 2 classifications. For the example we selected Category "Inappropriate" and a keyword "ravi".
  3. AND select any.
  4. Save.
  5. Create a new Classification using a different keyword, with the same configuration. Now you have 2 classifications created with different keywords to match.
  6. Now create a new DLP Policy with the classifications used before:
     - Select the Instance you want to use.
     - Rules: IF Classification. On the left side you will see the Classification for Inappropriate and the classification name you created before.
     - AND Classification is: the OR condition will be applied.
     - THEN assign Incident Severity as "Major".
     - Responses.
  7. Click OK.
  8. Save.
  9. Then proceed to Policy Validation, using the keywords you added to your classifications, to trigger incidents.
  10. Check your Incidents in your Skyhigh CASB.
  11. Select the Policy Name; on the right side you can now see the match for both.
