Solved

Github API Data Protection Whitelist

  • 7 December 2023
  • 4 replies
  • 3 views

Userlevel 1
Badge +5

I have a DLP policy looking for specific data objects in Github using a regex, but it is triggering on known test data. Any ideas on how I can configure the DLP policy to ignore my spreadsheet of known test objects? For instance create an incident for ABC123, but ignore ABC111. Thx

icon

Best answer by sshiflett 11 December 2023, 20:48

View original

4 replies

Userlevel 6
Badge +16

Hello @jschuele,

 

Is the ABC111 test data or a file name?  If you're using custom regex, you can look at the entity modifiers which allow you to specify data that should not match.  See the Advanced Options here including the "Does not match" option:

https://docs.netskope.com/en/netskope-help/data-security/data-loss-prevention/dlp-entity/

If it's the file name, you can use the file profile to filter the name and then does not match within the DLP profile to exclude it from the profile. 

https://docs.netskope.com/en/netskope-help/data-security/real-time-protection/profiles/adding-a-file-profile/

https://docs.netskope.com/en/netskope-help/data-security/data-loss-prevention/dlp-profiles/create-a-custom-dlp-profile/

 

Userlevel 1
Badge +5

Its the test data and I have custom regex's. I will take a look at the link you sent. Thx

Userlevel 1
Badge +5

I was wondering why I had not heard of the option in the link you provided. I don't see Entities. Does this have to be turned on in he backend?

 

Userlevel 6
Badge +16

It might be depending on the age of your tenant.  I'd suggest reaching out to your local account team or Technical Success Manager to discuss enabling it.  It became available starting in R91. 

https://docs.netskope.com/en/netskope-help/netskope-release-notes/netskope-cloud-release-notes/netskope-release-notes-version-91-0-0/new-features-and-enhancements-in-release-91-0-0/

There are some considerations to migrations if I recall correctly (I may be mistaken as it's been some time since I last looked into it.  It would be good to validate that you can enable it without any changes to existing entities. 

Reply