When using Classifications for Email DLP policies, you can specify the part of the email where you want to look for those Data Classifications, such as the email subject, header, body, attachment, or the Service Default. This secures any place where a user can enter content in an email client.
For other collaboration services, such as Exchange Online, Skyhigh CASB applies the policy to all possible content and metadata locations to find content matches in chat messages, documents, or files.
Classification locations are available only for synchronized Trellix ePO data classifications.
To create an Email DLP policy using Classification Locations:
- In Skyhigh CASB go to Policy > DLP Policies > DLP Policies.
- Click Actions > Sanctioned Policy > Create New Policy.
- On the Description page:
- Name. Enter a unique, descriptive name to help identify the policy.
- Description. (Optional) Enter a description for your DLP Policy.
- Deployment Type. Select an integration method. Some user actions and response actions depend on the Type you choose.
- Services. Click Select Service Instances, then select the instances you want the policy to apply to from the list.
- Click Done.
- Users. Click Edit to select one of the options for Users to Include in the policy.
- On the Rules & Exceptions page:
- Classification. For your rule group, select your Classification.
- Location. By default, the Classification Location will be Service Default. But for email services, you can customize this. Definitions for each option follow:
- Service Default:
- For email services, the Service Default applies the Classification rule policy to all email content including the email subject, with the exception of the headers. This is due to the fact that by default, Skyhigh CASB scans the places where a user can enter content in an email client. Email headers often contain many alphanumeric identifiers that could otherwise create false positive matches.
- For other collaboration services such as Exchange Online, Service Default applies the policy to all possible content and metadata locations for the specific service as needed, such as chat messages, documents, or files.
- Email Subject: Applies the Classification rule policy to content in the email subject line.
- Email Header: Applies the Classification rule policy to the email header.
- Email Body: Applies the Classification rule policy to content in the email text body.
- Email Attachments: Applies the Classification rule policy to any email file attachments.
- Service Default:
- Click OK.
- Click Next.
- Add any other rule groups to your policy, then click Next.
- On the Review page, review your policy and click Save.