Data Loss Prevention

 View Only

  • 1.  Recipient Matches Pattern Exception

    Posted Jul 10, 2020 05:45 PM
    Hello,

    What should be the best exception configuration for:
    • @company.domain + @trusted.partner.domain - to not generate incident BUT @company.domain + @trusted.partner.domain + external(e.g. @gmail.com) - generate incident.
    Thanks!


  • 2.  RE: Recipient Matches Pattern Exception

    Posted Jul 13, 2020 11:02 AM
    Hey Santos, I'm assuming you want to do this for email.

    Try this:
    • Create a new Recipient Profile and give it a name of something like, Trusted Partners
    • In the email address field enter
      • company.domain, trusted.partner.domain
    • Save the profile
    • Open the policy where the exception needs to be applied
    • Click on the Groups tab, then Add Exception
    • Exception Type will be Recipient Matches Pattern
    • The exception name can be the new recipient profile name, up you, just make it something that helps you remember what it does
    • Choose Reusable Recipient Pattern and select Trusted Partners from the drop-down
    • For Match Counting: choose All recipients must match (Email Only)
    • Click OK and Save your way out of the policy
    This exception should work when an email is addressed to one or more recipients in company.domain AND trusted.partner.domain. On the flip side, you get an incident when exception conditions are not met since all recipients do not match when an email is sent to company.domain AND trusted.partner.domain AND gmail.com.
    Original Message


  • 3.  RE: Recipient Matches Pattern Exception

    Posted Jul 14, 2020 09:08 AM
    Or you can flip the logic and create a rule looking only for emails going to the domains of interest (gmail.com, yahoo.com etc.)  It may create a little unnecessary "noise" due to legitimate partners using gmail but those can be addressed, if needed, by specific smtp address exceptions (ABC_Co@gmail.com).
    Thats what we use.
    Original Message