Data Loss Prevention

 View Only

 DLP 15.7 rules EDM False Positives

Shawn O'Connor Shawn O'Connor's profile image
Shawn O'Connor Shawn O'Connor posted Dec 16, 2020 01:57 AM
I'm having trouble with EDM creating FP(s). The email signature is setting off policy rules it's legitimate data wondering best way to ignore email signatures on the body not the email?
DLP Freak's profile image
DLP Freak
you can't exclude a portion of the email body. it's either all or nothing.
Shawn O'Connor Shawn O'Connor's profile image
Shawn O'Connor Shawn O'Connor
Looking for Regex Solution to this issue or anything else that might help in this situation.
Barnabas Toth's profile image
Barnabas Toth
JoshBe's profile image
JoshBe
Might be a good idea also to look at how you're configuring the EDM policy, as it may be too broad. If you're looking for something like name+phone number or something like that, that's going to be way too broad and capture too much of what you're not looking for. Try adding more fields to the detection rule, or increase the number of detections that are required for an incident.