What's in a policy?
Administrator Help | Forcepoint DLP | Version 8.5.x
In Forcepoint DLP, policies contain rules, exceptions, conditions (defined by content classifiers), and resources. This is true of predefined and custom policies.
| Element | Description |
|---|---|
| Rules | Provide the logic for the policy. They are the conditions that govern the behavior of the policy. When should something be blocked? When should managers be notified? Rules can apply to a single breach or to the accumulation of breaches over a period of time. Standard rules create incidents every time a rule is matched. Cumulative rules accumulate matches over time and create incidents when a threshold is met. This is known as drip DLP. |
| Exceptions | Define the conditions that should be exempt from the rules. An exception is part of a rule and checked only when its rule is triggered. You cannot add exceptions to cumulative rules, and exceptions themselves cannot be cumulative. |
| Content classifiers | Describe the data to be governed. You can classify data by file properties, key phrases, dictionaries, scripts, database fingerprints, directory fingerprints, file fingerprints, regex patterns, or by providing positive examples for machine learning. |
| Resources | Describe the source and destination of the data you want to protect, the endpoint device or application that may be in use, and the remediation or action to take when a violation is discovered (such as block or notify). |
These components are the building blocks of a policy. When you create a policy from a policy template, it includes all rules, classifiers, sources, destinations, and actions. When you create a policy from scratch, wizards prompt you for such information.
Discovery policies also contain discovery tasks. These describe where to perform the discovery. On networks, this may include a file system, SharePoint directory, IBM Domino server, Box directory, database, Exchange server, or Outlook PST files. If you're performing endpoint discovery, it includes the exact computers to scan.
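The difference between standard and cumulative rules described in the table, shown as an added example (this is not Forcepoint code or the product's algorithm). The per-transaction condition, the per-source sliding window, the threshold values and the counter reset are all assumptions, and the traffic is constructed.

```python
from collections import defaultdict, deque
from typing import NamedTuple

class Event(NamedTuple):
    ts: int        # seconds since start of capture
    source: str    # sender of the transaction
    matches: int   # content-classifier matches found in the transaction

def standard_incidents(events, min_matches, is_exempt=lambda e: False):
    """One incident per transaction that meets the condition, unless exempt.
    The exception is consulted only after the rule itself has triggered."""
    return [e for e in events if e.matches >= min_matches and not is_exempt(e)]

def cumulative_incidents(events, threshold, window):
    """Sum matches per source over a sliding window; incident at threshold.
    Takes no exception argument: cumulative rules cannot have exceptions."""
    recent, total, incidents = defaultdict(deque), defaultdict(int), []
    for e in sorted(events):                     # NamedTuple sorts by ts first
        q = recent[e.source]
        q.append(e)
        total[e.source] += e.matches
        while q and q[0].ts <= e.ts - window:    # age out matches older than window
            total[e.source] -= q.popleft().matches
        if total[e.source] >= threshold:
            incidents.append((e.source, e.ts, total[e.source]))
            q.clear()                            # assumption: counter resets
            total[e.source] = 0
    return incidents

# Constructed sample traffic, not real data.
EVENTS = [
    Event(0, "alice", 2), Event(600, "alice", 2), Event(1200, "alice", 2),
    Event(0, "bob", 2), Event(5000, "bob", 2), Event(10000, "bob", 2),
    Event(100, "carol", 6),
    Event(200, "svc-backup", 8),
]

def run_demo():
    exempt = lambda e: e.source == "svc-backup"  # hypothetical exception
    std = standard_incidents(EVENTS, min_matches=5, is_exempt=exempt)
    cum = cumulative_incidents(EVENTS, threshold=5, window=3600)
    return std, cum

if __name__ == "__main__":
    std, cum = run_demo()
    print("standard:  ", std)
    print("cumulative:", cum)
```

In this model alice's three small transfers never trigger the standard rule but do cross the cumulative threshold, bob's widely spaced transfers age out of the window, and the source exempted from the standard rule still produces a cumulative incident because that rule carries no exception.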
Copyright 2017 Forcepoint. All rights reserved.