Creating a discovery policy

Administrator Help | Forcepoint DLP | Version 8.8.2

Related topics:

Scheduling Discovery Tasks

Creating Custom DLP Policies

Managing rules

Managing exceptions

Create new policies from the Main > Policy Management > Discovery Policies > Manage Discovery Policies page in the Data Security module of the Forcepoint Security Manager.

Click Add in the toolbar at the top of the content pane, then select either Predefined Policy or Custom Policy.

A wizard appears. The options in the wizard are different, based on the policy type that you selected.

Predefined policies

In the wizard for predefined policies:

Click Next and select the geographical regions to cover.

Click Next and select the industries to cover.

The Finish screen appears, summarizing your selections. Click Finish. The Forcepoint DLP policy database is updated and a confirmation message appears. The policies you selected appear in a list.

Highlight a policy to read details about it. You can view all relevant policies or only those that are commonly used. (For more information about these regulatory compliance policies, see Predefined Policies.)

Custom policies

In the wizard for custom policies:

On the General tab, enter a unique Policy name and a Description of the policy.

Mark Enabled to activate the policy.

By default, no Policy owners are included in the policy. To define policy owners, click Edit, then:

Select the type of accounts to Display (Administrators, by default).

Select one or more accounts from the list on the left, then click the right arrow to move them to the Selected list. Accounts in this list are considered policy owners, and are notified in the event of a policy breach.

Click OK.

Indicate whether to Use the policy name for the rule name (default) or Use a custom name for the rule.

If you select the custom name option, enter a custom Rule name and, optionally, a Description.

Click Next.

Use the Condition tab, specify whether this rule monitors specific data or all activities, and whether the data is monitored in all parts of the transaction as a whole or each part of the transaction separately.

Click Add to add one of the following content classifiers or attributes to the condition you are creating:

Patterns & phrases: Follow the Select a Content Classifier wizard and choose one from the list of existing classifiers or build your own. Toggle between the General and Properties tabs to complete the information and click OK. See Patterns & Phrases for details.

File Properties: Select file properties to add to this policy. Click OK. See File properties for details.

Fingerprint: Select the fingerprint classifier to use for this policy. Click OK. See Fingerprint for details.

Select a Content Classifier and click Remove to not include it in the condition you are defining.

Select an answer for the question: When do you want to trigger the rule?

All conditions are matched

At least one condition is matched

Custom

After selecting custom, use the options on the right to complete the condition description.

Click Next to define the Severity & Action for incidents that match this rule and to specify the action plan to be taken. Click Advanced to further specify the severity according to the number of matched conditions.

10.

Click Next to complete the wizard.

11.

Click Finish to create the new rule and add it to the policy.

The process of adding rules and exceptions to discovery policies is the same as for DLP policies. See Managing rules and Managing exceptions for instructions.