Data Loss Prevention

 View Only
  • 1.  Need to create data identifier using a list of Credit card numbers to run endpoint discovery scan

    Posted Nov 30, 2021 10:46 AM
    Hi,

    I have a list of Credit card (Visa/****) Bin details and we need to use those Credit card numbers to run endpoint discovery scan on the workstations. The list is pretty big, so please suggest how to create data identifier using that list of Credit card numbers.


  • 2.  RE: Need to create data identifier using a list of Credit card numbers to run endpoint discovery scan

    Trusted Advisor
    Posted Dec 01, 2021 02:19 AM
    Edited by DLP Solutions Dec 01, 2021 02:20 AM
    Yousef,

    Best way is to create a Data Identifier that detects these specific CC numbers. There is an existing Data Identifier that looks for ALL CCN numbers, it has specific REGEX for the different CC types. 

    Take a look at the existing Credit Card Data Identifiers (PCI).

    DO NOT edit the existing Data Identifier.. make your own.

    Hopefully the CCN list has the same beginning numbers or something to make it easier than looking for ANY CCN.
    Make  sure to add the LUHN check and other add-ons to the DI.

    ------------------------------
    Good Luck. - RP
    PLEASE MARKED SOLVED WHEN POSSIBLE
    ------------------------------



  • 3.  RE: Need to create data identifier using a list of Credit card numbers to run endpoint discovery scan

    Posted Dec 05, 2021 06:51 AM
    Hi RP,

    Thank you for your response.

    I would have created a DI if i will be having few patterns but actually i am having the patterns in thousands. I am not able to understand how to use that?


  • 4.  RE: Need to create data identifier using a list of Credit card numbers to run endpoint discovery scan

    Posted Dec 06, 2021 11:57 AM

    Hi,

     

    Are they full credit card numbers?

    You can put a few thousand into the keyword detection policy without problems.

    You will have to update them regularly however.

     

    It's better to  use the built in in polcy and the BIN numbers.

     

    Regards,

    Barnabas

     






  • 5.  RE: Need to create data identifier using a list of Credit card numbers to run endpoint discovery scan

    Trusted Advisor
    Posted Dec 06, 2021 12:02 PM
    Yousef,
    Sorry, but you are going to have to learn how to read/use REGEX. It's basic pattern matching scripting.

    It is going to be the only way to really deal with 1000's of numbers. 

    Look at the DI's and read about REGEX to figure out how it works.
    You should be able to use the Regex to look for the first set of digits and then match the next set of numbers. It's not that hard.

    Each credit card type has a different regex pattern, this is because each card type starts with a different number and has a different format. 
    Visa
    Amex
    Discover
    MasterCard
    etc.
    https://www.regular-expressions.info/creditcard.html



    Good luck:

    ------------------------------
    Good Luck. - RP
    PLEASE MARKED SOLVED WHEN POSSIBLE
    ------------------------------



  • 6.  RE: Need to create data identifier using a list of Credit card numbers to run endpoint discovery scan

    Broadcom Employee
    Posted Dec 01, 2021 11:47 AM
    Hi Yousef, as mentioned you can clone the existing CCN DI, then make the changes. Do you have a list of actual card numbers, or just the BIN patterns?  
    If you have actual cards numbers,  an EMDI would be better. But if you only have the patterns,  then after you clone the CCN DI, you can edit and remove all the extraneous patterns you don't need. 

    EMDI INFO: https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/data-loss-prevention/15-7/about-data-loss-prevention-policies-v27576413-d327e9/introducing-exact-match-data-identifiers-emdi-v130054186-d327e12006.html


  • 7.  RE: Need to create data identifier using a list of Credit card numbers to run endpoint discovery scan

    Posted Dec 05, 2021 06:45 AM
    Hi Julya,

    Thank you for your response.

    Actually i am having the patterns and that are in thousands. So the list is pretty big and i am not able to understand how to use that?


  • 8.  RE: Need to create data identifier using a list of Credit card numbers to run endpoint discovery scan

    Posted Dec 07, 2021 12:02 PM
    I will suggest responding to users suggestions in order to understand what you have tried or if you don't understand their suggestion to further clarify them; screenshots and results might assist with our understanding of what you are trying to accomplish. Also, it will be good to post your final goal, which should be monitoring and stopping xyz data from endpoint, network, or cloud, etc. This way we can direct you to the proper Admin guide chapters to follow.
    Note: detecting credit card numbers is one of the most precise identifier there is, so no need to reinvent the wheel. But, if you had a specific set of CC numbers, then EDM or EMDI detection technology might be the best option. But again, if you add information to your query and everything you have tried, we might be able to better make some suggestions.

    Have a great day and good luck with your project.


  • 9.  RE: Need to create data identifier using a list of Credit card numbers to run endpoint discovery scan

    Posted Dec 02, 2021 12:57 PM

    Hi,

     

    If you want generic detection you can use the Credit Card policy template.

    If you want to match card numbers exactly, you can use them a **** list of keywords or make an EDM index, depending on the numbers.

     

     

    Regards,

    Barnabás