Best Practice: Set a Size Limit for DLP Filtering

When implementing the cloud version of Data Loss Prevention (DLP), you can modify the default rules of the relevant rule set. You can, for example, replace the default size limit for the filtering process with one of your own.

This task also shows how the two views of a rule set can be used for different purposes. In the key elements view, you can disable the default size limit or enable it. But you cannot set a size limit of your own. To complete the latter activity, which is a bit more complex, you must work with the complete rule sets view.

1. Import the Data Loss Prevention (DLP) with ICAP for Cloud rule set from the library.
2. In the key elements view of the rule set that appears after the import, click Unlock View and Yes in the confirmation window.
   The complete rules view of the rule set appears.
3. Click Show Details.
4. Set a size limit that replaces the default value.
   1. Select the Skip Body That Is Greater Than 50 MB rule and click Edit.
   2. In the Edit Rule window, select Rule Criteria. Then select the line with the criteria and click Edit again.
   3. Under Compare with in the Edit Criteria window, type a new size limit.
      For example, type 80000000 instead of 52428800, which is the default value.
   4. Click OK to close the Edit Criteria window.
   5. In the Edit Name window, select  Name. Then modify the rule name in the Name field by typing 80 instead of 50 (if you chose that as the new size limit).
   6. Click Finish to close the Edit Rule window.
5. Click Save Changes.

Requests with a body greater than the default size limit, but still below the newly configured limit, are now involved in the filtering process.