Skip to main content
  • EN

 

AD_4nXcV-cvaysE18J-EE4QO4Ns2oHV-sDiSzs_Wu71iCtQscnYlcdH8xR6Rv-Kz_kHqcevojB-HenkGRHKOIcwpOPAHwbH72JXmJwPVUw6QUoN927oevDw5rmvtCjpZN27uUsgm6M4n?key=WdsY-vqVyjoH3UnWySLC3VdE

Netskope Global Technical Success (GTS)

DLP - Scan documents for a particular keyword

 

 

Netskope Cloud Version - 125

 

Objective

This article aims to detect all the downloaded/uploaded documents which contains a specific keyword

 

Prerequisite

SWG or Next-Gen SWG with Standard DLP

 

Context

A company would like to block all the upload activities related to files which contains the “confidential” keyword

 

Configuration

 

Step #1 - Define the DLP Entity

Path: Netskope Tenant UI >>> Policies >>> DLP >>> DLP Rules >>> Entities

 

Define a new entity to identify the “confidential” work like below:

 

AD_4nXd66Y6LpQxezCYz6PhUelpiOkzz_T5dfwBkG-4TMEb3PPg6Tw1uKM7x5XK3UKPtIScX936MImwDtrvcK7qn8uCEvy4XcXoPzQNLcEqCCB03NIKEOKnb4F-aU7dES4i8cvW5la-mIA?key=qE_d-CV_LQipTyaplhfK6Q

 

ℹ️ With the confidential regex we’re matching all the files containing the “confidential” string

 

Step #2 - Define the DLP Rule

On thePolicies > Profiles > DLP > DLP Rules > Rules” menu define a new Rule 

 

AD_4nXf5MnKyO4fs6YoCTfHrBo7ub-dEg77UQS8gUokvgsrRTGV-XLL2CO9p_KoO5m06HCOLGWGddGOc2GNtUVXwU2xTtvs97j7jlhI7p-576GAZ0cTmDKcAoQ6vAra2CoClaDVdtweeWQ?key=qE_d-CV_LQipTyaplhfK6Q

 

  • Entity: Select the entity created at the Step #1 as shown above
  • Exact match: No changes
  • Advanced options: No changes
  • Content: Metadata & Content 
  • Severity threshold: Set Threshold using Record, set the severity level and the “Take action at X severity” option

 

Step #3 - Define the DLP Profile

On thePolicies > Profiles > DLP” menu define a new DLP Profile with the DLP Rule created at the Step #2 as shown below

 

AD_4nXfmRkKdqXGZEQRvvkhpnPBZtvTLxsdY1cWDeOXFJRFJe0T1cPKWWOj88E3NQ7Q2-SHvYZQAKDSnL5zO2zf59QM8n-S1ogr3jdqi-ULNNzyfwVbR3oRBgFKpCXcZuw2JLbZu2u9u?key=qE_d-CV_LQipTyaplhfK6Q

 

ℹ️ Leave the “File Profiles” section empty unless you’d like to exclude some specific files

 

Step #4 - Configure a Real-Time Protection Policy

On thePolicies > Real-Time Protection” menu define a new Real-Time Protection Policy with the DLP Profile just created

 

  • AD_4nXfk63A1MCay4E84WW10fVOkNUjZROvIEpCdnFMTouO4K_2MNKZ-1_StRCBH0lf4N2vEBrdgKoj1Y2aeVJrJgyaO6WfF4gmYSUaD0SagmV3ycF0ZPp_WfODwzZcST9JBomLb3C268A?key=qE_d-CV_LQipTyaplhfK6Q
  • Source: Select the users you’d like to apply the restriction or none to apply the restriction to any user
  • Destination Category: “Cloud Storage” or any category you’d like to select
  • Activities: “Upload”
  • DLP Profile: Select the DLP Profile created on the Step #3
  • Action: Block
  • Template: Select the user notification template

 

💡Consider to add also the “Unsanctioned” CCI App tag on the above policy as shown below

 

AD_4nXergmKaeki-g2lC5RQqD3oHV_2CK6hDcpHPZG0ZljwytmkBqBEDAHLZ1tsMP5S5A3BeUUNRfb47nVd0Z5ixNJHFd6btsqIhI_kYqiPPVbsn3BzmmUsCTS7qEh1JVkELDqf-rtwfLg?key=qE_d-CV_LQipTyaplhfK6Q

 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
Be the first to reply!

Badges Winner

Show all badges

Not finding what you're looking for?

Don't be shy and let us know about your challenge.

Ask your question here!
Terms & ConditionsCookie settings