Creating a discovery policy

Administrator Help | TRITON AP-DATA | Version 8.3.x

Related topics:

Scheduling Discovery Tasks

Creating Custom DLP Policies

Managing rules

Adding exceptions

Select Main > Policy Management > Discovery Policies.

Click Manage Policies.

In the toolbar, click Add.

Select either Predefined Policy or Custom Policy.

If you select Predefined Policy, a wizard appears.

Click Next and select the geographical regions to cover.

Click Next and select the industries to cover.

The Finish screen appears, summarizing your selections. Click Finish. The TRITON AP-DATA policy database is updated and a confirmation message appears. The policies you selected appear in a list.

Highlight a policy to read details about it. You can view all relevant policies or only those that are commonly used. (For more information about these regulatory compliance policies, refer to Predefined Policies.)

If you select Custom Policy, a policy wizard appears.

Complete the fields as follows:


Field	Description
Policy name	Enter a name for this policy.
Enabled	Select this check box to enable the policy in your organization.
Policy description	Optionally, provide a description of this policy.
Policy owners	By default, no policy owners are included in the policy. To define a policy owner(s), click Edit. In the resulting box, select the people who should receive notification in the event of a policy breach. Click the right-arrow to move them into the Selected List. These are known as policy owners. See Selecting items to include or exclude in a policy for instructions on using the selector tool.
Use the policy name for the rule name	This option is a default selection. A rule will be created for the new policy you are creating. This option allows the rule name to be the same as the policy name for easier identification.
Use a custom name for the rule	Select this option if you do not want the rule name to be the same as the policy name. When you select this option, you can add a custom Rule name and optionally, a Rule description.

Click Next.

Define the Condition in which a breach of this rule should be considered an event. Specify the following:

Field

Description

This rule monitors

Specify if this rule should monitor specific data or all activities in the transaction as a whole or each part separately.

Add

Select this button to add one of the following content classifiers or attributes to the condition you are creating:

Patterns & phrases: Follow the Select a Content Classifier wizard and choose one from the list of existing classifiers or build your own. Toggle between the General and Properties tabs to complete the information and click OK. See Patterns & Phrases for details.

File Properties: Select file properties to add to this policy. Click OK. See File properties for details.

Fingerprint: Select the fingerprint classifier to use for this policy. Click OK. See Fingerprint for details.

Remove

Select a Content Classifier and click Remove to not include it in the condition you are defining.

Condition Relations

Select an answer for the question: When do you want to trigger the rule? Choose one option from the following:

All conditions are matched

At least one condition is matched

Custom

If you select the Custom option, you get additional descriptions and options to make your choices.

Click Next to define the Severity & Action for incidents that match this rule and to specify the action plan to be taken. Click Advanced to further specify the severity according to the number of matched conditions.

Click Next to complete the wizard.

Click Finish to create the new rule and add it to MyPolicy.

Like data loss prevention policies, you can add rules and exceptions to discovery policies. The procedure is the same. See Managing rules and Adding exceptions for instructions.