TRITON - Data Security Help
Websense Data Security v7.6.3

Creating Custom DLP Policies > Custom Policy Wizard - Condition

The Condition tab defines the logic of the rule. You can select one or more content classifier conditions, and you can define logic between the conditions using and, or, not, and parentheses. This logic should be based on your business rules. (See the example below the table.)
This rule monitors
* All activities - Select this option to trigger the rule on any content without analysis. For example, you may want to specify that any content that your CEO sends is allowed.
* Specific data - Select this option to monitor specific data, then define the specific classifier or classifiers to use. When you choose this option, indicate whether you want to trigger incidents when the threshold is matched in individual parts or the sum of all parts.
  * the transaction as a whole - Select this if you want to trigger an incident if the sum of all matches in the transaction exceeds the threshold you set. For example, if you set a threshold of 3, then a transaction with 2 matches in the message body and one match in the subject line triggers an incident.
  * each part separately - Select this if you want an incident triggered only when the threshold is reached in any one part of the transaction. For example, there would have to be 3 matches in the body or 3 in the subject line or other message part for an incident to be triggered.
Add or remove content classifiers or attributes to the condition.
* Patterns & Phrases - Select this option to add a regular expression, a key phrase, or a dictionary.
* File Properties - Select this option to add a file name, type or size to the condition.
* Fingerprint - Select this option to add a file or database fingerprint classifier to the condition.
* Transaction Size - Detect transactions of the specified size or larger.
* Number of Email Attachments - Applies to email transactions only. Detect email messages with a certain number of attachments or greater.
* Number of Email Destinations - Applies to email transactions only. Detect messages sent to a specified number of domains or greater.
To edit a condition's threshold, that is, the number of matches that trigger an incident, click a hyperlink in the Properties column. If you are working with dictionary classifiers, the weights of the dictionary's phrases are taken into account when determining if a threshold is reached. See Adding a dictionary classifier for more information.
Condition Relations
* All conditions matched - All of the selected conditions must be met to trigger the rule.
* At least one of the conditions matched - At least one of the selected conditions must be met to trigger the rule.
* Custom - Lets you define under what condition you want the rule triggered.
If you choose Custom, do the following:
2. Click the And, Or, or Not button to define a condition.
Click the information icon on the right of the box to view a precise description of the condition you have defined.
You are a bank and, via a file fingerprinting classifier, you identify a blank application form. In your policy, you create a rule saying that if this classifier is matched, the form is permitted to be sent from all sources to all destination channels. The form is marketing. You want people to fill it out to apply for loans.
In the same policy, you create another rule: when the form contains a social security number and the word "income", it is a loan application and should be permitted to go to one destination: the loan department. It should be blocked from all other destinations. The condition logic would state: when the fingerprinting classifier is matched AND a social security number PreciseID pattern is matched AND the keyword classifier "income" is matched, it is a standard loan application—(1 AND 2 AND 3).
You can add a third rule to the policy: when content contains that same data plus the keywords "residential" or "deed" it is a mortgage application—1 AND 2 AND 3 AND (4 OR 5). Permit it to be distributed to the mortgage department and title insurance partners.
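The two threshold modes and the custom condition logic of the mortgage rule, modelled in Python as an added example (not Websense code or its API). The function names, the sample transaction, the thresholds and the NOT > AND > OR precedence are assumptions; a threshold counts as matched when it is reached, as in the threshold-of-3 example above.

```python
import re

def condition_met(part_counts, threshold, per_part):
    if per_part:  # "each part separately": one part must reach the threshold alone
        return any(n >= threshold for n in part_counts.values())
    return sum(part_counts.values()) >= threshold  # "the transaction as a whole"

def evaluate(expr, results):
    """Evaluate and/or/not/parentheses logic; NOT > AND > OR precedence is assumed."""
    tokens = re.findall(r"\d+|AND|OR|NOT|[()]", expr.upper()) + ["END"]
    pos = 0
    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]
    def parse(level):  # 0 = OR, 1 = AND, 2 = NOT, parentheses or a condition number
        if level == 2:
            tok = take()
            if tok == "NOT":
                return not parse(2)
            if tok == "(":
                value = parse(0)
                if take() != ")":
                    raise ValueError("missing closing parenthesis")
                return value
            return results[int(tok)]  # raises ValueError if tok is not a number
        op = "OR" if level == 0 else "AND"
        value = parse(level + 1)
        while tokens[pos] == op:
            take()
            rhs = parse(level + 1)  # always consume the right-hand side
            value = (value or rhs) if op == "OR" else (value and rhs)
        return value
    value = parse(0)
    if tokens[pos] != "END":
        raise ValueError("unexpected token: " + tokens[pos])
    return value

# Constructed transaction: matches per message part for each numbered condition.
MATCHES = {1: {"attachment": 1},          # form fingerprint
           2: {"subject": 1, "body": 2},  # social security number pattern
           3: {"body": 1},                # keyword "income"
           4: {"body": 0},                # keyword "residential"
           5: {"attachment": 1}}          # keyword "deed"
THRESHOLDS = {1: 1, 2: 3, 3: 1, 4: 1, 5: 1}  # constructed; condition 2 needs 3 matches

def rule_triggers(expr, per_part):
    hits = {n: condition_met(c, THRESHOLDS[n], per_part) for n, c in MATCHES.items()}
    return evaluate(expr, hits)
```

With this sample, `rule_triggers("1 AND 2 AND 3 AND (4 OR 5)", per_part=False)` matches because the three social security number hits are summed across subject and body, while `per_part=True` does not, since no single part holds three.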

