How would you write the rule expression for this: (P0) - Passwords (Contextual) (C0) - Custom Passwords (C1) - Custom Word 1 (C2) - Custom Word 2
I want to look for P0 or C0 as long as either is NOT NEAR C1 or C2. The UI doesn't let me build the write logic. Ideally, I think I would want this (which isn't allowed in the UI): ( P0 OR C0 ) NOT NEAR (C1 OR C2)
here is the real world use case. We have employees that like to communicate Zoom links with the password. If we just use any password detection DLP rule it will trigger on these. We don't want to trigger on if a password is present near a specific zoom URL (e.g. https://acme.zoom.us).
you're right. I forgot the negation. You just need to add a NOT before. The mistake was easy to spot:
NOT ( (P0 NEAR P2) OR (P0 NEAR P3) OR (P1 NEAR P2) OR (P1 NEAR P3) )
If I was you I would invest a abit of time on researching the docs and testing carefully instead of just asking for the solution, copy/pasting and responding "does not work". I didn't give you the solution but the idea was right. You just did not analyze it enough to see it.
Being polite and thankful also helps to build community and encourages people to keep helping each other. I hope you understand.