- Watch an interactive demo to create a Classification
Use classifications in your Shadow/Web DLP Policies to identify sensitive data. A range of built-in classifications are provided for complying with various regulations, or you can create custom classifications, using criteria such as keywords, regular expressions, file type, and more.
Keyword validation looks for a predefined set of keywords within a 200-character (about 30-word) radius from a matched pattern.
- Go to Policy > DLP Policies > Classifications.
- Click Actions > Create Classification.
- Classification Name. Enter a name for this classification. For example, Confidential Data 2. Enter an optional description to describe its use or purpose.
- Category. Select a Category from the list. For this example, select Sensitive.
- Conditions. For IF, for this example, select Keywords.
The other Conditions available are:
Dictionaries are collections of related keywords and phrases such as profanity or medical terminology. Add a Skyhigh Security built-in dictionary or customize your own. Set a threshold to reduce false positives by editing the number.
TIP: Click the i icon to the right of a Skyhigh dictionary to view the keywords and phrases included in the dictionary. You can also click Usage to see if the selected dictionary is used in other classifications.
|Document Properties are used to classify documents based on the file metadata. You can add Skyhigh predefined property or custom property. Set a property using the operator, define values, and use a comma to separate the values from the list.
|Exact Data Matching
Exact Data Match (EDM) fingerprints allow you to define classification criteria for the user records exported from a database (in rows and columns) to a .csv or .tsv file. You can select the required rows and columns to define classification.
Advanced patterns are regular expressions or phrases used to match data, such as dates or credit card numbers. Select a Skyhigh built-in advanced pattern or customize your own. Set a threshold to reduce false positives by editing the number.
TIP: Click the i icon to the right of a Skyhigh Advanced Pattern to view all its details. You can also click Usage to see if the selected Advanced Pattern is being used in other classifications.
|True File Type
Specify the True File Type to determine which files to detect. For example, a CPP file saved as a TXT file can be detected using the True File Type classification criteria. Select from the Skyhigh Security built-in True File Types.
TIP: Click the i icon to the right of a Skyhigh Security True File Type to view its details.
File Extensions are supported file types you want to apply the classification criteria, such as MP3 and PDF. Select Skyhigh Security built-in file extensions or customize your own.
Specify the minimum or maximum size of the files you are interested in. Between allows you to define a range. Choose from:
|Location in File
Select the section of the file to look for sensitive content; Header, Footer, Body or within the first characters. This option becomes available in the Classifications Editor when you select to use a Dictionary, Advanced Pattern, or Keyword as a definition type.
|Keywords specify a string value. You can add multiple keywords, separated by commas. Keywords are not reusable in other classifications. Enter keywords, separated by a comma. Any match will count as a detection.
|Proximity match specifies the minimum number of characters between the selected options such as Advanced patterns, Dictionary, and Keyword.
|Encryption provides an extra layer of protection to your files. It allows you to create a Classification and select File Encryption types to detect them in your files.
|Allows you to define the list of file names, which can be used to match, process, and protect sensitive data during the DLP policy evaluation. You can define custom file names using the is, contains, or regex operators.
- Enter the Keywords separated by commas: Confidential, Sensitive, Secret.
- Click AND to add more conditions as needed.
- Click NEW RULE GROUP to add more conditions. Several conditions can be combined using Boolean logic. Boolean logic is supported through Rule Groups. All conditions in a group are logically combined with OR and AND operators. All conditions must match within the group. Multiple Rule Groups can be named, defined, and combined logically with OR and AND operators. This means any group within a policy must match the policy to be triggered.
The Custom Classification is added to your Category. You may use it to create DLP Policies.