Data Loss Prevention

 View Only
  • 1.  Policy Creation

    Posted Aug 07, 2020 03:18 PM
    Need assistance to create a new policy in DLP 

    Rules: Scan for data types "Credit Card Number" for files saved/uploaded to shared drive: \\snare\icorp\IT\
    User Group: This policy should only be assigned to the two users.
    Response Rules: Email should be sent to user to state PHI is found or not found in the files.

    Regards
    KK


  • 2.  RE: Policy Creation

    Posted Aug 08, 2020 02:03 PM
    Hi KK,

    Since you have mentioned Scan for data types, i am assuming you are intending to do a Network Discover Scan on shared folder \\snare\icorp\IT\. Please note that DLP Endpoint and Email policies can be applied based on Logged in User or User sending email. However, policies for data discovery cannot be user based because the scans are assigned/configured to run on the discovery targets and not on users. If multiple users are having access to that folder, the data for all users will be scanned. You can, however, filter out incidents where file owner is the intended user and trigger a Smart Response rule (Manual) to send email notification to the intended users. However, you cannot send an email notification if there is no incident.

    Hope it helps.


  • 3.  RE: Policy Creation

    Posted Aug 12, 2020 01:47 PM
    I second Asad's comments