Create a DLP Policy

Overview

This guide provides instructions on creating and editing a Data Loss Prevention (DLP) policy. Define a new policy by specifying a name, description, and selecting a predefined data pattern. US-PII Data Pattern. Configure actions for detected data, review settings, and save the policy.

Creating a New DLP Policy

Click the Create New Policy button located in the top right of the screen to access the Create New Policy menu.

Enter a name and description for the policy, then click Next.

In the next step, select a data pattern from the list.

In the Action section, select checkboxes to define the response when a match is found, then click Next.

This action will always populate to the Matches Log.

In the final section, review the information entered in Steps 1 and 2. To make edits, click Edit next to the relevant field or use the Back button to return to a previous step.

Once everything is correct, click Save Policy to save and activate the new policy.

FAQ

Q. How do I define a custom pattern for specific data types like a US Passport Number or SSN?

A. To create a custom DLP pattern, use regular expressions (regex) to match the specific format of the data you want to detect.

Example: US Passport Number

US passport numbers are 9-character alphanumeric codes (uppercase letters and numbers only). Use the following regex pattern to detect them:

\b[0-9A-Z]{9}\b

Explanation:

• \b ensures the number is a separate word.

• [0-9A-Z] matches any digit (0-9) or uppercase letter (A-Z).

• {9} specifies exactly 9 characters.

Example: US Social Security Number (SSN)

US SSNs follow the XXX-XX-XXXX format. Use this regex pattern:

\d{3}-\d{2}-\d{4}

Explanation:

• \d{3} matches three digits.

• - matches the hyphen separator.

• \d{2} matches two digits.

• Another - matches the second hyphen.

• \d{4} matches four digits.

You can test these patterns using tools like Rubular, which allows you to verify that your regex correctly identifies the intended data.