Technical Library | Support

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring the Mobile Data Loss Prevention Policy > Configuring attributes
Configuring attributes
Administrator Help | TRITON AP-DATA | Version 8.3.x
Select one or more email attributes to include in the policy. For each, highlight the attribute and click Enabled in the right pane. Define properties in the right pane as well.
When the system detects a match for an attribute, it triggers the policy.
If you want to send notifications when there is a violation of a particular attribute setting, select the Send Notification check box. You can configure who receives the notifications by clicking the name of the notification, "Mobile policy violation." Click this option to define the mail server, email subject, and message body, as well as other required properties.
By default, policy owners receive notifications.
For each attribute, indicate how severe a breach would be (low, medium, or high severity), and what action should be taken if a breach is detected. The default severity levels and available actions are shown below for each attribute. Actions are described in Adding a new action plan.
 
Field
Description
Message size
Select the size of email messages to monitor. For example, choose 25 MB if you want the system to analyze and enforce messages exceeding 25 MB, but you're not concerned about messages smaller than 25 MB, even if there is a match. The default size is 10 MB.
Default severity: low.
Available actions: quarantine (default), permit.
Regulatory & compliance
Select the regulatory and compliance laws you need to enforce. These are applied to the regions you selected with the regulatory & compliance option.
*
Personally Identifiable Information (PII)
*
Protected Health Information (PHI)
*
Payment Card Industry (PCI DSS)
If you have not selected regions, an error pops up. Click "Select regions" to fix this.
Once you've selected a law, click its name to view or edit the specific policies to enforce.
For example, in the PCI category, both Europe and US credit card policies are enforced by default. You might exclude the US credit card policy if you do not do business in the US. Applying only the policies you need improves performance and reduces resource consumption.
Select a sensitivity for each policy.
*
Wide is highly sensitive and errs on the restrictive side. To avoid leaking sensitive data, it is more likely to produce a false positive (unintended match) than a false negative (content that is not detected).
*
Default balances the number of false positives and false negatives.
*
Narrow is the least restrictive. It is more likely to let content through than to produce an unintended match.
Default severity: high.
Available actions: quarantine (default), permit.
Attachment name
One by one, enter the names of the exact files that should be monitored when they're attached to an email message. Include the filename and extension. Click Add after each entry.
For example, add the file named confidential.docx. When that file is attached to an email message, the system detects it and either permits or quarantines the message.
Default severity: low.
Available actions: quarantine (default), permit
Attachment type
Click Add to specify the types of files that should be monitored when attached to an email message, for example Microsoft Excel files.
From the resulting dialog box, select the type or types of files to monitor. If there are more file types than can appear on the page, enter search criteria to find the file type you want. The system searches in the file type group, description, and file type for the data you enter.
If the file type does not exist, specify exact files of this type using the Attachment name attribute instead.
Default severity: low.
Available actions: quarantine (default), permit.
Patterns & phrases
Click Add to define key phrases or regular expression (RegEx) patterns that should be monitored. RegEx patterns are used to identify alphanumeric strings of a certain format.
On the resulting dialog box, enter the precise phrase (for example "Internal Only") or RegEx pattern (for example ~ m/H.?e/) to include.
Select how many phrase matches must be made for the policy to trigger. The default number of matches is 1.
Define whether to search for the phrase or RegEx pattern in all email fields, or in one or more specific fields. For example, you may want to search only in an attachment, or skip searching in To and CC fields.
Default severity: medium.
Available actions: quarantine (default), permit.
Note:
Although you do not define whether to search only for unique strings, the system will use the following defaults:
Key phrase: non-unique - all matches will be reported.
Regular expression: unique - only unique matches will be reported as triggered values.
Acceptable use
Select the dictionaries that define unacceptable use in your organization. For example, if you want to prevent adult language from being exchanged by email, select Adult.
TRITON AP-DATA includes dictionaries in several languages. Select the languages to enforce. Only terms in these languages are considered a match. For example, if you select the Adult dictionary in Hebrew, then adult terms in English are not considered an incident.
Note that false positives (unintended matches) are more likely to occur when you select multiple languages. For this reason, exercise caution when selecting the languages to enforce.
You cannot add or delete terms from predefined dictionaries, but you can exclude them from detection if you are getting unintended matches. Select Main > Content Classifiers > Patterns & Phrases, select the dictionary to edit, then enter the phrases to exclude.
By default the policy is triggered by a single match from the dictionary or dictionaries you select.
Default severity: medium.
Available actions: quarantine (default), permit.
Questionable images
Select this attribute to prevent pornographic images from entering your organization. (This feature requires a separate Image Analysis module subscription). Pornographic images pose a legal liability to organizations in many countries.
The system judges images based on the amount of flesh tone they contain.
Default severity: low.
Available actions: quarantine (default), permit.
Enable trusted users
Trusted users are those who you feel you don't need to monitor. Trusted users do not get analyzed by the system.
If you have users that you do not want enforced:
1.
Select Enable trusted users.
2.
Click Edit.
3.
Browse for the users, directory entries, and business units you trust.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Configuring the Mobile Data Loss Prevention Policy > Configuring attributes
Copyright 2016 Forcepoint LLC. All rights reserved.