DLP Tools

Overview

To comply with business standards and industry regulations, organizations must protect sensitive information and prevent its inadvertent disclosure. Sensitive information can include financial data or personally identifiable information (PII) such as credit card numbers, social security numbers, or health records. Using data leakage prevention (DLP) policies in MangoApps, you can identify, monitor, and alert to protect sensitive information.

With our Data Loss Prevention (DLP) policies in MangoApps, you can identify, monitor, alert and protect sensitive information in your MangoApps community.

With DLP policies, MangoApps allows organizations to:

  • Identify sensitive information across all content types.

  • Help employees learn how to stay compliant without interrupting their workflow.

  • Alert domain and compliance admins when any policy is violated on their dashboard.

  • Get a full domain-wide view showing content that matches your organization’s DLP policies.

  • Get started easily with pre-shipped patterns for PII and Financial related sensitive data.

  • Have the power to create your own custom patterns for sensitive information and make them go live in minutes with no code and no IT support.

To access the dashboard:

  1. Select Compliance>DLP Policies. On the dashboard, you see Policy Rules and Matches Log.

  2. From the DLP Policies, select Policy Rules.

Policy Rules

Policy Rules dashboard includes the following sections:

  • Name: Displays the name of the policy.

  • Last Modified On: Displays the last rule edited on date.

  • Last Modified By: Displays the last rule edited by user.

  • Status: Displays the active or de active status.

  • Kebab Menu (three vertical dots):

    • Do a Test Run: Select Do a Test Run to run the test on the set policy name. You can see the test messages that has occurrences of patterns caught by the policy rule.

    • Edit Policy: You can edit the policy rule by editing the policy rules. (Refer How to edit policy).

    • View Matches: It takes you to view the matches log for the specific filtered policy rule.

    • Delete Policy: Select to delete all matches log permanently.

Edit Policy

Follow the steps to edit the policy:

  1. Click the Kebab Menu and select Edit Policy.

  2. Enter the name and description of the rule and click Next.

  3. Select the pattern from the list.

    Default selected value is US-PII Data Pattern.

    For US-PII Data Pattern shows following pattern value: US Social Security Number (SSN), US Passport Number, US Driver’s License Number, US Taxpayer Identification Number (ITIN), US Bank Account Number, Credit Card Number.

  4. Select the Action checkbox to list the action to take when a match is found and Next.

  5. Click Preview to view the entered values and click Save Policy.

  6. Click Back if you want to do some changes.

Matches Log

The ‘matches log’ gives a list of all types of content that contains the sensitive information matched as per the policy rules.

Matches Log dashboard includes the following sections:

  • Date & Time: Displays the date and time when the content / file was added in MangoApps.

  • Policy Name: Displays the name of the policy.

  • Item Title: Displays the Title/subject/content.

  • Item Type: This includes post, message, chat, file, page, wiki, update etc.

  • Matched Pattern: Displays the sensitive information found. For example, US social security numbers (SSN), US passport number, US driver ‘s license number, Credit card number etc.

  • Posted By: Displays the username who posted the content / uploaded the file.

  • Occurrences: Displays the no. of times the sensitive information was found.

  • Action Taken: The action value in this column will be as per the policy set rule.

    • Logged only

    • Logged and notification sent to admin.

    • Logged and notification sent to admin and sender.

  • Status: Displays the status.

  • Page navigation: You can navigate to the page number you want to go.

  • Download Report XLS: You can download the items as per the selected filter value from the list and as per the policy rule set by the policy rule.

  • Rule: You can select the rule from the list.

  • Kebab Menu (three vertical dots):

    • View Item: This action comes for all items that have a direct link. It will open the item.

    • Message User: Opens the private message dialog with the “TO” user filled in as the sender (by default). This sends the private message from domain to the sender.

    • Close Alert: open and close policy alert.

Create New Policy

  1. Click Create New Policy.

  2. Enter the name and description of the rule and click Next.

  3. Select the pattern from the list.

    Default selected value is US-PII Data Pattern.

    For US-PII Data Pattern shows following pattern value: US Social Security Number (SSN), US Passport Number, US Driver’s License Number, US Taxpayer Identification Number (ITIN), US Bank Account Number, Credit Card Number.

  4. Select the Action checkbox to list the action to take when a match is found and Next.

  5. Click Preview to view the entered values and click Save Policy.

  6. Click Back if you want to do some changes.


FAQ

What is the syntax and command structure for creating a custom DLP (Data Loss Prevention) policy (i.e. for a US Passport or SSN)?

To create a custom pattern for a DLP policy, such as detecting a US Passport number, it is essential to understand the typical format of these numbers. US passport numbers are alphanumeric and typically contain 9 characters. They can include both digits and uppercase letters, but not lowercase letters. Here is a regex pattern to match a 9-character US passport number:

\b[0-9A-Z]{9}\b

Explanation:

  • \b: A word boundary to ensure the passport number is not part of a longer string of characters.

  • [0-9A-Z]: A character class that matches any digit (0-9) or uppercase letter (A-Z).

  • {9}: Specifies exactly 9 occurrences of the preceding character class.

  • \b: Another word boundary to ensure the passport number is not part of a longer string of characters.

Another example is matching a US Social Security Number (SSN). The regular expression /\d{3}-\d{2}-\d{4}/g is designed to match the common SSN format.

Explanation:

  • \d: Matches any digit (0-9).

  • {3}: Specifies exactly 3 occurrences of the preceding element (digits in this case).

  • -: Matches the hyphen character.

  • \d{2}: Matches exactly 2 digits.

  • -: Matches another hyphen character.

  • \d{4}: Matches exactly 4 digits.

  • /g: The global flag, which allows the regex to find all matches in the input rather than stopping after the first match.

This regex will match strings in the format XXX-XX-XXXX, where each X is a digit. Examples of strings it would match include:

  • 123-45-6789

  • 987-65-4321

You can test your regular expressions using tools like Rubular, which provides a quick reference for different syntax and allows you to ensure your regex matches the intended patterns.

Last updated