Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Other Forums
- Additional Discussions
- Re: Basic DLP Rules for PHI
Basic DLP Rules for PHI
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-21-2021 12:17 PM
Is there anyone who has success creating dlp rules using the canned identifiers for PHI? I'm struggling to get a basic combination of First Name, Last Name, Medical Condition to match my test file. I can match and have policy hit for individual identifiers but what I add them in combination using boolean (ANY or NEAR) I get no hits. Specifically the combo with FirstName (Given Name) and LastName (Surname) I'm unable to match on. Ultimately Im trying to match something like this. (FirstName AND LastName) AND Medical Condition. here is s record from my test file (xlsx)
| Name | Medical Condition | Phone Number | Account Num |
| Bob White | Schizophrenia | 2155183152 | 4789632 |
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-21-2021 03:18 PM
Hi @ajentsch,
I have a few Suggestions - and I apologize in advance if you already tried them:
1.) Try the 'Full Names(US)' instead of 'FirstName and LastName'
2.) Be aware of the different language/country selections for the DLP Rules
3.) The 'Near' operator does work well for these type of searches: I'd just use P0 near P1 near P2 without parenthesis. Of course - that is if you are still using FirstName and LastName with Condition.
4.) Since you are testing - use baby steps when creating the rule. Example: start with just FirstName & LastName.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2021 05:15 AM
@tyler, Thanks for your suggestions. I've been trying a multitude of combos with this and documenting my results. Here is what I've found. When trying any of the identifiers (FullName, FirstName, or LastName, Medical condition) individually I get hits on all 12 records. When I add combos of these I get these results.
The most accurate one i found is:
LastName Near Medical Condition: Hits all 12 (but sees some firsnames as lastnames.
FirstName AND LastName - No Hits
FirstName NEAR LastName - No Hits
FullName NEAR Medical Cond. - 3 hits
FullName AND Medical Cond. - 3 hits
FirstName AND LastName - No Hits
FirstName NEAR LastName - No Hits
Here are the actual identifiers that I'm using.
Diagnostic Classifications (ICD-10-CM)
Surnames(US)
Given Names(US)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-25-2021 07:20 PM
It's not surprising that we hit some FirstNames as LastNames. There are people out there with Last Names like Blue, Azure, etc.
Are you using the other features, like 'Record Based Scan' or 'Count only unique record'?
Finally, have you tried using the canned DLP Profile for PHI?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Cloud Exchange - Syslog Splunk in Additional Discussions
- Using Microsoft Teams to Monitor Netskope Platform Events and Alerts in Additional Discussions
- Secure Hybrid Access with Azure Active Directory (AAD) and Netskope in Additional Discussions
- Cloud Exchange - Justify Usage - business rule workflow config in Additional Discussions
- Help me understand my options to steer traffic from Azure to Netskope. in Additional Discussions
-
cloud exchange
14 -
DLP
10 -
Threat Protection
6 -
sdwan
5 -
MacOS
5 -
Advanced Analytics
4 -
IaaS
4 -
netskope client
4 -
CASB
3 -
cloud threat exchange
3 -
SASE
3 -
SWG
3 -
ztna
3 -
ipsec
3 -
client update
3 -
API
3 -
Netskope Agent
3 -
SupportPoral
3 -
vpn
2 -
Rest API
2 -
Community Forum
2 -
Proxy
2 -
Real-time Policy
2 -
NPA
2 -
Webinar
2 -
Netskope
2 -
Netskope Client installation mechanism
2 -
steering
2 -
publisher
2 -
Azure
2 -
Netskope Endpoint Client
2 -
technology partner
2 -
Windows 365 Desktop
2 -
Client
2 -
docker
2 -
SCIM
2 -
best practice
2 -
on-prem
2 -
NSClient
2 -
private access
2 -
Azure AD
2 -
Community Resources
2 -
NG-SWG
2 -
Cloud & Threat Challenges
2 -
SAML
2 -
crowdstrike
1 -
user
1 -
Workshops
1 -
IDP
1 -
Netskope Cloud Security
1 -
Netskope Community
1 -
Users Policies
1 -
PAC file
1 -
Netskope Advocacy
1 -
POP Server
1 -
QRadar
1 -
RBAC
1 -
voip
1 -
regex
1 -
Based-Group
1 -
proxy configurations
1 -
Admin
1 -
cisco
1 -
policy
1 -
export
1 -
roadmap
1 -
Based-Users
1 -
explicit proxy over IPSec
1 -
Microsoft Outlook
1 -
skopeit
1 -
MIP
1 -
MS Teams
1 -
Netskope Private Access
1 -
On-Premise Detection
1 -
HELP!
1 -
Infrastructure as Code (IaC)
1 -
SD-WAN
1 -
meraki
1 -
Authentication
1 -
APIv2
1 -
Remote access
1 -
Microsoft Sentinel
1 -
SupportPortal
1 -
Netskope Admin
1 -
cloud app
1 -
Email DLP
1 -
SIEM Integration
1 -
Managed apps
1 -
Verizon
1 -
Home-office
1 -
traffic routing
1 -
OVF-OVA
1 -
json
1 -
coexistence
1 -
VMware
1 -
DBIR
1 -
remote workers
1 -
traffic steering
1 -
Linux based
1 -
restriction
1 -
interoperability
1 -
logs
1 -
Adoption
1 -
Groups
1 -
Virtual Machines
1 -
HA
1 -
NewEdge
1 -
certificate error
1 -
integration
1 -
option
1 -
GRE
1 -
Reporting
1 -
Rest API to fetch the Users from NetSkope
1 -
Azure Virtual Desktop
1 -
PROD
1 -
Communications
1 -
Forensic File Storage
1 -
OSX
1 -
tunnel
1 -
ServiceNow
1 -
SMTP
1 -
Threat and Vulnerability Management
1 -
Provisionning
1 -
Monitoring
1 -
Auto-update
1 -
DLP Violation
1 -
security posture check
1 -
Bug
1 -
Cloud Security
1 -
User Defined Route (UDR)
1 -
scim query postman
1 -
Time Actively Spent on Sites Widget
1 -
CCI
1 -
Macintosh
1 -
Support
1 -
install
1 -
Unmanaged Devices
1 -
Office365
1 -
Internet next hop type
1 -
ChangeManagement
1 -
Technical Success
1 -
API Credentials
1 -
steer traffic
1 -
beta
1 -
single mode
1 -
Active Directory
1 -
Waterfox Browser
1 -
AD
1 -
hub-and-spoke model
1 -
Workflow
1 -
License
1 -
risk management: cloud services
1 -
datacenter
1 -
multi-user mode
1 -
Adapters
1 -
Next Gen SWG
1 -
Network Virtual Appliances (NVA)
1 -
Business Rule
1 -
cloudexchange
1 -
advanced analytics custom
1 -
pop
1 -
peruserconfig
1 -
RBI
1 -
tenant
1 -
AZURE-AD-FREE
1 -
IPSec Tunnels
1 -
Data Loss Prevention
1 -
splunk
1 -
watermark
1 -
training
1 -
SSPM
1 -
Sync
1 -
Cloud Firewall License
1 -
SSO cloud exchange azureAD
1 -
syslog
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In