Question

DLP Exclusions for Realtime policies

  • 21 March 2024

Badge +4

 

How can I create an exclusion for DLP Realtime policies for a single user/group to exclude a specific Domain for a Specific DLP policy? 

 

Use case is, 

User 1/Group 1 is to be excluded from a single DLP policy (PCI DLP Policy) for abc[.]com.

But, if any other users/Groups try to upload PCI data we need detection. And, when the same user 1/Group 1 tries to upload PHI Data then we need detection on abc[.]com.

 

Thanks in advance. 

 

 


6 replies

Userlevel 2
Badge +1

You can create two policies like this.

1st: Source: User1 - DLP Profile - PCI - Allow & DLP Profile - PHI - Block (select 2 DLP profiles)

2nd: Source: Group1 - DLP Profile PCI - Block

Badge +4

Thanks for your response, @ejang.

 

But what if I have multiple exclusions? Do I need to create a single policy for each new exclusion based on user or group every time, right?

If this is the case, we do get more exclusion DLP policies when compared to DLP detection policies.

Thanks, 

 

Userlevel 2
Badge +1

It depends on the case. You may need to find out how to optimize your rules. 

Userlevel 4
Badge +17

Hi @odhareddy ,

Hope you are doing well. If @ejang's answer helps with your question, then please feel free to mark his answer as a Best Answer.

 

Badge +4

Hello @Rohit_Bhaskar,

Apart from that, there is no other option for exclusions. But this will lead to an increase in the policy count in the future.

However, this is not the best way to streamline the exclusions. This is a little bit of a painful process for exclusions and tracking them in the future when compared with other DLP vendors.

 

Userlevel 2
Badge +1

I just gave you the answer based on your requirement. If there are more requirements, then you would need a different policy.
