Create a DLP Policy
Overview
This guide provides instructions on creating and editing a Data Loss Prevention (DLP) policy. Define a new policy by specifying a name, description, and selecting a predefined data pattern. US-PII Data Pattern. Configure actions for detected data, review settings, and save the policy.

Creating a New DLP Policy
Click the Create New Policy button located in the top right of the screen to access the Create New Policy menu.

Enter a name and description for the policy, then click Next.

In the next step, select a data pattern from the list.
US Social Security Number (SSN)
US Passport Number
US Driver’s License Number
US Taxpayer Identification Number (ITIN)
US Bank Account Number
Credit Card Number
US Taxpayer Identification Number (ITIN)
US Bank Account Number
Credit Card Number
Enter Regular Expressions
Max 5 regular expressions allowed. One expression per line.
For more information, click here.
In the Action section, select checkboxes to define the response when a match is found, then click Next.
This action will always populate to the Matches Log.
In the final section, review the information entered in Steps 1 and 2. To make edits, click Edit next to the relevant field or use the Back button to return to a previous step.

Once everything is correct, click Save Policy to save and activate the new policy.
FAQ
Q. How do I define a custom pattern for specific data types like a US Passport Number or SSN?
A. To create a custom DLP pattern, use regular expressions (regex) to match the specific format of the data you want to detect.
Example: US Passport Number
US passport numbers are 9-character alphanumeric codes (uppercase letters and numbers only). Use the following regex pattern to detect them:
Explanation:
\b
ensures the number is a separate word.[0-9A-Z]
matches any digit (0-9) or uppercase letter (A-Z).{9}
specifies exactly 9 characters.
Example: US Social Security Number (SSN)
US SSNs follow the XXX-XX-XXXX format. Use this regex pattern:
Explanation:
\d{3}
matches three digits.-
matches the hyphen separator.\d{2}
matches two digits.Another
-
matches the second hyphen.\d{4}
matches four digits.
You can test these patterns using tools like Rubular, which allows you to verify that your regex correctly identifies the intended data.
Last updated