Data Loss Prevention

 DLP - EDM Policy False Positives due to Currency

Armando Rodriguez's profile image
Armando Rodriguez posted Jun 12, 2024 10:02 AM

Hi DPL Community,

I wanted to ask for some input about an issue that is currently creating a lot of false positive incidents: We have an EDM consisting of customer numbers. The policy checks for the existence of this numbers and will create an incident when it matches. The problem is, that these numbers also appear in a different context, for example related to currency amounts:

Example:

Customer Nr: 98247

False Positive Match: 982476.30 USD

Is there a way to exclude the cases, where the number stands within a money context? I was thinking about Regex but this does not seem applicable, considering the data comes from an EDM.

Charbel Trainer's profile image
Broadcom Employee Charbel Trainer posted Jun 24, 2024 03:23 AM

Hi Armando,

Given the customer # you have in the example, it's only a 5 digit number. This means it will be more than likely to hit false positives due to it not being terribly unique.

Have said that, it may be possible to improve accuracy by creating a compound rule with a custom Data Identifier, Creating custom data identifiers.

Rather than creating exclusions, generally it would be better to start with defining the data pattern that you would need to match, and then begin to add optional validators for data identifiers. It might even be possible to use the existing validators.

You can take it one step further by creating custom script validators using the built-in DLP DLP scripting language. This is helpful if there is a specific algorithm used to generate the number.