DLP - Scan documents for a particular keyword

Netskope Global Technical Success (GTS)

DLP - Scan documents for a particular keyword

Netskope Cloud Version - 125

Objective

This article aims to detect all the downloaded/uploaded documents which contains a specific keyword

Prerequisite

SWG or Next-Gen SWG with Standard DLP

Context

A company would like to block all the upload activities related to files which contains the “confidential” keyword

Configuration

Step #1 - Define the DLP Entity

Path: Netskope Tenant UI Policies >>> Profiles >>> DLP >>> DLP Rules >>> Entities

Define a new entity to identify the “confidential” work like below:

AD_4nXeTwNiE1TdNKxJxaOCEVfYPHe_VPPTX_z5ZmbGe3SjwuN8uINrdlBe11UwvcJMvGfQ1EZr3iCdcfLLUJ-M73mDczb1Fu6hQnZJ8tGZlQd06ibwp4B1F4n8PpseoFMubLeMo0Z8_9A?key=qE_d-CV_LQipTyaplhfK6Q

ℹ️ With the confidential regex we’re matching all the files containing the “confidential” string

Step #2 - Define the DLP Rule

Path: Netskope Tenant UI Policies >>> Profiles >>> DLP >>> DLP Rules >>> Rules

AD_4nXfz9axiaCYaZEEB7epeYy6zA-H4dld5j5BOdS1iTo5QSJX_DMm8yU2AmtEbC9NhRBPi7MFtEZ2lD1fUsfZpCNWtbFGiFdiC7Mp07_u-2spKhMr5LQMeKHFCSG7t6vI2Arf9qfXnSg?key=qE_d-CV_LQipTyaplhfK6Q

Entity: Select the entity created at the Step #1 as shown above
Exact match: No changes
Advanced options: No changes
Content: Metadata & Content
Severity threshold: Set Threshold using Record, set the severity level and the “Take action at X severity” option

Step #3 - Define the DLP Profile

Path: Netskope Tenant UI Policies >>> Profiles >>> DLP

Define a new DLP Profile with the DLP Rule created at the Step #2 as shown below

AD_4nXc9JPvCnLJowDI2-PdRkdgmkxh3zvTQzVXe7ZOAZuS-4ZTDF5ToDGKe3OF8EaelIaHzRUlK8ghr9ZScgCBRrJNCJJP7zoTl2rnDmMBsD6LETvV6w5JbCcSgabaNMNbL6zIhfZBS?key=qE_d-CV_LQipTyaplhfK6Q

ℹ️ Leave the “File Profiles” section empty unless you’d like to exclude some specific files

Step #4 - Configure a Real-Time Protection Policy

Path: Netskope Tenant UI Policies >>> Profiles >>> Realtime Protection Policy

Define a new Real-Time Protection Policy with the DLP Profile just created.

AD_4nXcMfSseMu4tKblwHULTEaPxWYA7arEYTzYtd9Kv4ur3BmG_agsoqzj0mnm3o6UvXt1xLxvkmfnonzXPy-JVtAkxoJUwm6FZWT3-k7tHcAvwNtexSnG39cVN8qd-0KI7GbHkruavsA?key=qE_d-CV_LQipTyaplhfK6Q

Source: Select the users you’d like to apply the restriction or none to apply the restriction to any user
Destination Category: “Cloud Storage” or any category you’d like to select
Activities: “Upload”
DLP Profile: Select the DLP Profile created on the Step #3
Action: Block
Template: Select the user notification template

💡Consider to add also the “Unsanctioned” CCI App tag on the above policy as shown below

AD_4nXdglk4-O_ii--Qam2x0RwzEOB284SUR1Tbiu73D8WkCKhN-r8rbYhhv2CTcaSQRiy7Xqf4BAfOtwZMVuyUkysc9scLoBadsJqc5gJen5DVKWVa8levHL0P0EzorgXTtz2DKf3dlJQ?key=qE_d-CV_LQipTyaplhfK6Q

Terms and Conditions

All documented information undergoes testing and verification to ensure accuracy.
In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

Notes

This article is authored by Netskope Global Technical Success (GTS).
For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.

Be the first to reply!

Netskope Global Technical Success (GTS)