Data Loss Prevention

  • Private Community
 View Only

  • 1.  Detection policy for adding a digit before HKID

    Posted Aug 17, 2010 09:34 AM

    HI all,

    HKID is one defined component for detection policy. If I want to add a digit before HKID as detection policy (i.e. 0+A123456(7) => 0A123456(7), how to do it?
    Pls advise.

    Thanks.
    Best Regards,
    Sunny


  • 2.  RE: Detection policy for adding a digit before HKID

    Posted Aug 17, 2010 09:39 AM
    I believe that HKID is a data identifier in the system, am i correct?
    Since I don't believe changing data identifiers is possible, I would recommend one of the following actions:
    1. create an "AND" policy which suggests that if a string like "X" and "A123456(7)" was found than trigger an incident
    2. create a new data identifier using the data identifier API
    3. create a regular expression that checks for the mathematical string you are looking for
    Kind Regards,
    Naor Penso


  • 3.  RE: Detection policy for adding a digit before HKID

    Posted Aug 17, 2010 09:46 AM
    Hi Naor Penso,

    Thanks for your reply. How to create a "And" policy because "0" and "A123456(7)"  put together such as "0A123456(7)" 
    Pls advise

    Sunny




  • 4.  RE: Detection policy for adding a digit before HKID

    Posted Aug 17, 2010 10:00 AM
    You create a policy that has 2 rules:
    1. DCM Rule - find keyword - "0"
    And

    1. DCM Rule - Match Data Identifier - "HKID"
    That would create the rule you wish. the trigger would be: "0"+"A123456(7)"

    Kind Regards,
    Naor Penso