Improved Match Highlighting with Data Identifiers
Match Highlighting displays an excerpt of a document when it includes content that violates a Data Loss Prevention policy. Incident response teams can view the text that contains the match for the DLP rule: surrounding text is included with the highlighted matches to help identify false positives. Match Highlighting provides the evidence for DLP incidents.
Incorporate Keywords when Paired with Data Identifier
When paired with the data identifier here, the data identified faces the classifications we are using.
When we give like a OR condition so anyone matched means that time only matched for that classification and it will show only one classification name under that keyword name and when we created with under condition.So both the keywords should be there and both classification and should be match.
As an example for OR condition
It matches 1 will be triggered an Incident.
It matches 2 will be triggered an incident.
The keywords you are using on Content , they should match with your classification.
On your Skyhigh CASB go to Incidents > Policy > Incidents.
Select the Policy name and check details on the right side (2 classifications and 2 matches).
You will need to create 2 Classifications and assign to a New Policy.
In your Skyhigh CASB .
- Go to Policy > DLP Policies > Classifications.
- Create a new one.
You will need to create 2 classifications
For the example we selected Category "Inappropriate" and a keyword "ravi".
- AND select any.
- Create a new Classification using different keyword, with same configuration.
Now you have 2 classifications created with different keywords to match.
- Now create a new DLP Policy with the classifications used before.
Select Instance you want to use.
Rules IF Classification and on the left side you will see Classification for Inappropriate and the classification name you have Created before.
AND Classification is, the condition OR will be applied.
THEN assign Incident Severity As "Major".
- Click OK.
- Then proceed to Policy Validation using the keywords you have added into your classifications and to trigger incidents.
- You will need to check your Incidents in your Skyhigh CASB .
- Select Policy Name and now you can see on the right side match for both.