Create a Classification using Dictionary
Dictionaries are collections of related keywords and phrases such as profanity or medical terminology. Creating Skyhigh Built-In Dictionary or Custom Dictionary with keywords allows you to classify your sensitive data. Sensitive data is compared to the dictionary entries and ranked according to a score, meaning the number of times the sensitive keywords need to appear in the content for the rule to be triggered.
The Classifications editor includes several Skyhigh Built-In dictionaries with terms commonly used in health, banking, finance, and other industries. You can also create your dictionaries or export built-in dictionaries to edit them to suit your organization's needs. Additionally, you can also set a score for the threshold in your classification to minimize the occurrence of false positives.
- Create a Classification using Skyhigh Built-in Dictionary
- Create Custom Dictionary using Skyhigh Built-in Dictionary
- Create a Custom Dictionary
Create a Classification using Skyhigh Security Built-in Dictionary
To create a classification using a built-in dictionary:
- Log In to Skyhigh CASB.
- Go to Policy > DLP Policies > Classifications.
- Click Actions > Create Classification.
- Classification Name. Enter a name for this classification. For example, My UK PII Dictionary. Enter an optional description to describe its use or purpose.
- Category. Select a Category from the list. For this example, select PII.
- Conditions. Click Select Criteria and select Dictionary. The Select Dictionaries cloud card displays.
- Count each match string only one time. When you select this checkbox, a string that matches the dictionary in the dictionary rule will not be counted again. To learn more about the use case, see Count each match string only one time feature.
NOTE: If you enable the Count each match string only one time checkbox, the unique match criteria apply to each dictionary in the classification. For example, if your classification has two dictionaries with the same keyword, then the classification will trigger two separate matches for the same keyword.
- Search for and select one or more built-in dictionaries you want to start from. For example, select UK PII Keywords (Skyhigh), Admission Discharge (Skyhigh), and Australian PII Keywords (Skyhigh).
NOTE: You can select any number of Skyhigh Built-In dictionaries from the Select Dictionaries cloud card, but only the first 10 Built-In dictionaries are displayed on the Classification editor.
- Click New to add a custom dictionary based on an existing Skyhigh Built-In Dictionary. For details, see Create a Custom Dictionary using Skyhigh Built-In Dictionary.
- Click i to view the Keywords for the selected Dictionary displayed on the second side panel. You can also click Usage to see if the selected Dictionary is being used in other classifications.
- Click the three-dot menu to:
- Clone. Clone the Skyhigh built-in dictionary.
- Export. Export the selected dictionaries with associated keywords and details (such as Case sensitive, Starts with, Ends with, and score) into a CSV file.
NOTE: You cannot edit the Skyhigh built-in dictionaries, including the associated keywords and advanced settings options such as Case sensitive, Starts with, Ends with, and Score. However, you can create a custom classification by either cloning the dictionaries and edit keywords and advanced setting options, or exporting the dictionaries into a CSV file and importing them.
- To close the side panel, click X.
- Click Done.
- The selected Dictionary is now added to the Classification editor. Optionally, you can edit the threshold by clicking [1]. Enter a number to indicate the weight of the Dictionary in threshold matching.
- Add more classification conditions as needed and click Save.
Your new classification with Skyhigh Built-In Dictionary is saved to the selected category in the Classifications list. Add the classification to your data protection policies as needed.
Create Custom Dictionary using Skyhigh Built-In Dictionary
Create a custom dictionary using Skyhigh Built-In dictionary to meet your data protection needs. For example, if you need to protect sensitive personal information and want to use the Skyhigh PII Keywords dictionary as your basis, but you want to add terms to suit your organizational needs.
Perform the initial steps of creating your dictionary classification as provided in steps 1 to 4 in the Create Skyhigh Security Built-In Dictionary section.
- Click New. Enter a name and optional description for the dictionary.
- To enter keywords into the dictionary:
- Click the Add keyword to manually enter words or phrases.
- Click the three- dot menu for these options:
- Import.csv. Import the keywords you want to add to this dictionary from a CSV file. For details, see Import Keywords from CSV.
- Advanced Settings. Advanced settings are flags that give more information to the DLP scanning engine. Define a keyword as Case-sensitive, Starts with, Ends with, and add a threshold Score to weight individual entries. Scores can be between negative or positive, -99 to 999. The higher the number, the greater the weight is given to the keyword, which will exceed the threshold and trigger an incident.
- Click Save. The custom dictionary My UK PII Keywords is added to the dictionary list. Select both the existing Skyhigh Built-In Dictionary and Custom Dictionary list to add to the Classification editor.
- Add more classification conditions as needed and click Save.
Your custom classification with the Custom Dictionary and Skyhigh Built-In Dictionary is saved to the selected category in the Classifications list. Add the classification to your data protection policies as needed.
Skyhigh Built-In Dictionary Use Cases
Count each match string only one time feature
Suppose you have a Confidential Data document with multiple instances of the keyword Confidential. However, if you want to trigger matches for duplicate counts, you can activate the Count each match string only one time checkbox. During the policy evaluation, the match will count only once, even if multiple instances of the keyword Confidential are found in the document. To find this option on UI, see Count each match string only one time.
Match all Keywords in Skyhigh's Built-In Dictionary List
- Create a classification using Skyhigh's built-in dictionary. Perform the initial steps of creating your dictionary classification as provided in steps 1 to 4 in the Create Skyhigh Security Built-In Dictionary section.
- Click i to view the Keywords for the selected Built-In Dictionary displayed on the second side panel. Count the number of keywords in the selected Skyhigh Built-In dictionary set. For example, the number of keywords found is 20.
- To match all keywords in the Skyhigh Built-In Dictionary list, set the match threshold on the Classification editor equal to the number of items found in the dictionary list. For example, set the threshold as 20.
- To avoid counting duplicate matched keywords multiple times, enable the checkbox Count each match string only one time and save your classification.
Set the Threshold for the number of Keyword Matches in Skyhigh's Built-In Dictionary
- Create a classification using Skyhigh's Built-In dictionary. Perform the initial steps of creating your dictionary classification as provided in steps 1 to 10 in the Create Skyhigh Built-In Dictionary section.
- Select your Skyhigh Built-In Dictionary. For example, Confidential Data and click i to view the number of keywords associated with it. You will find that there are more than 40 confidential terms listed in the keyword list. But you need only 20 random keywords from that dictionary to match and trigger an incident.
- To set the threshold as 20, add your dictionary to the Classification editor. Edit the threshold by clicking [1] and enter 20 to indicate the weight of the Dictionary in threshold matching and save your classification.
Skyhigh Built-In Dictionary and Custom Dictionary Use Case
Create Complex Matching Rules using Boolean Logic and Set Thresholds for Dictionaries
Boolean logic combines several complex rules or conditions through Rule Groups. These groups combine all conditions using OR, AND, and NOT operators. You can create complex matching rules by combining Skyhigh Built-In or Custom keyword lists using OR, AND, and NOT operators. All conditions within a group must match for the group to be triggered. Multiple Rule Groups can be defined and combined using OR, AND, and NOT operators, allowing users to set different thresholds for each Dictionary definition. This means any group within a policy must match the policy to be triggered.
To create complex matching rules and set thresholds for dictionary definitions:
- Create a classification by selecting any of or all of Skyhigh Built-In Dictionaries or Custom Dictionaries.
- Click Rule Group 2 to edit the desired name for your rule group. Set different thresholds for each Built-In or Custom Dictionary list by clicking [1]. Enter a number to indicate the weight of the Dictionary in threshold matching.
- Click AND to add more dictionary conditions to your Rule Group.
- Click NEW RULE GROUP to add a new dictionary condition combined with the OR operator.
- Click NEW RULE GROUP to add a new dictionary condition using the NOT (is not or is none of) operator and save your classification.
Match Keywords in Specific Email Sections
Suppose you have a medical email that contains a broad range of sensitive keywords, but you want the DLP engine to match keywords in specific sections of the email. To match keywords in specific sections of the email, you must first create a classification using a Skyhigh built-in or custom dictionary list of keywords. You can then configure a DLP policy with the newly created classification to specify the sections (Everywhere, Email Header) of the email. This enables the DLP engine to trigger matches on keywords in specific sections of the email, thereby reducing false positives and ensuring accuracy in your data protection measures.
For example, create a classification using a Skyhigh built-in dictionary of keywords named Australian PII Keywords, and configure a sanctioned DLP policy with the new classification to specify the Email Header section of the email. This ensures that a match is only triggered if the keywords in the Australian PII Keywords dictionary are accessed in the header section of the email.
To match keywords in specific email sections:
- Create a classification by selecting any of or all of Skyhigh Built-In Dictionaries or Custom Dictionaries. For example, select Skyhigh Built-In Dictionaries.
- Create a Sanctioned or Shadow DLP policy using the newly created classification. For example, create a sanctioned DLP policy.
- Use the Skyhigh CASB DLP policy wizard to perform the initial steps of creating your Sanctioned DLP policy as provided in steps 1 to 4 in Create a Sanctioned DLP Policy.
- On the Rules & Exceptions page, configure the following:
- Rules. For IF, select Classifications. The Select Classification cloud card appears.
- Classification. Select the newly created classification from the list of supported classifications and click Done.
- Location. Select Email Header. By default, All is selected.
- Location. Select Email Header. By default, All is selected.
- Classification. Select the newly created classification from the list of supported classifications and click Done.
- Rules. For IF, select Classifications. The Select Classification cloud card appears.
- Complete the remaining steps to configure your DLP policy as mentioned from step 5 (c) in Create a Sanctioned DLP Policy.