About Classification Condition Operators
Data Loss Prevention (DLP) classification includes operators such as is, is not, is one of, is all of, and is none of, which are essential for defining conditions that help identify and manage sensitive data. These operators are essential for creating complex DLP policies that help organizations effectively identify, classify, and protect sensitive data while minimizing false positives. Also, it enhances the flexibility and precision of DLP policies.
You can use the is and is not operators for nearly all classification conditions, with the is operator set as the default operator. The operators is one of, is all of, and is none of become available only when you add or select more than one value. These operators are supported for the following Classification Conditions:
|
Legends used in the table: |
|
Classification Conditions |
Classification Condition Operators | |
| is, is not | is one of, is all of, is none of | |
| Dictionary |  |
|
| Document Properties | |
|
| Exact Data Matching | is- |
 |
|
Advanced Pattern |
|
|
|
True File Type |
|
is one of, is none of- |
|
File Extensions |
is- |
is one of - |
|
File Size |
|
|
|
Location in File |
is - |
is one of - |
|
Keywords |
|
|
|
Proximity |
|
|
|
File Encryption |
is- |
is one of- |
|
File Name |
|
|
|
ML Auto Classifier |
|
|
The details of each operator are described below:
Is Operator
This operator checks if a specific condition exactly matches a specified value. It is used when you want to classify data that must meet a specific criterion without any ambiguity. It is ideal for situations where precise identification is necessary.
For example, Condition: Document Properties is [Medical Records]
Interpretation: This condition is true if the document properties exactly match the specified value.
For instance, during the Classification evaluation, if the document's properties explicitly match the values defined in the Medical Records document property set, then it qualifies as a match. If the document properties contain any other value, such as the 'Patient Records' or 'Health Information' document property sets, the condition will be evaluated as false. The classified data can be used to define your Data Loss Prevention (DLP) policies effectively.
Is Not Operator
This operator checks if a particular condition does not match a specified value. It is used to create exclusionary rules in classification, allowing organizations to filter out data that should not be classified as sensitive.
For example, Condition: True File Type is not [Word Processing Files]
Interpretation: This condition is true if the true file type of the document does not match the specified value.
For example, during the Classification evaluation, if the true file type identified is Apple iWork Keynote, MATLAB, or Multiplus (AES), then it will qualify as a match. This condition excludes Word Processing files listed in Skyhigh's recommended list, such as Word, Excel, PowerPoint, Rich Text Format(RTF), and more from being classified as sensitive. The classified data can be used to define your Data Loss Prevention (DLP) policies effectively.
Is One Of Operator
This operator checks if a specific condition matches any one of a defined set of values. It is used when you want to classify data that has multiple sets of values and it allows for flexibility in classification.
For example, Condition: Dictionary is one of [UK PII Keywords, UK Surnames, Cellular Operator Call Log]
Interpretation: This condition is true if the keywords or phrases match any one of the keywords or phrases in the specified dictionaries.
For instance, during the Classification evaluation, if the Dictionary explicitly matches any one of the keywords or phrases defined in the UK PII Keywords, UK Surname, and Cellular Operator Call Log dictionaries, then it qualifies as a match. The classified data can be used to define your Data Loss Prevention (DLP) policies effectively.
Is All Of Operator
This operator checks if a specific condition matches all specified values simultaneously. It is used when you want to ensure that multiple values must be satisfied for the classification to be triggered. This operator enforces stricter classification requirements.
For Example, Condition: Advanced Pattern is all of [Credit Card Number (American Express), Australian Business Number, Australian Medicare Card Number]
Interpretation: The condition is true if the Advanced Pattern meets all specified regex patterns.
For instance, during the Classification evaluation, if the Advanced Pattern explicitly matches all the regular expressions defined in the Credit Card Number (American Express), Australian Business Number, and Australian Medicare Card Number patterns, it qualifies as a match. The classified data can be used to define your Data Loss Prevention (DLP) policies effectively.
Is None Of Operator
This operator checks if a given condition does not match any of the specified values. It is used to exclude certain criteria from being classified as sensitive data. This operator helps refine DLP policies by filtering out unwanted data and focusing on data that does not meet the specified criteria for the classifications to be triggered.
For example, Condition: ML Auto Classifier is none of [Health Care (Patient Records), Intellectual Property (Patents, Source Code) or PII ( ID Document Image)]
Interpretation: The condition is true if the ML Auto Classifier does not match the specified values. This excludes categorizing those specified values and instead focuses on other potential matches for categorization.
For instance, during the classification evaluation, if the ML Auto Classifier identifies a document as belonging to the category of Finance and Trade (such as Financial Reports and Financial Statements), it qualifies as a match and automatically organizes various types of financial documents. In this scenario, the ML Auto Classifier excludes certain specified values from being classified as sensitive, including Health Care (Patient Records), Intellectual Property (Patents, Source Code), and PII (ID Document Image). This classification process is essential for effectively defining your Data Loss Prevention (DLP) policies