Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- CASB
- Help with NOT NEAR dlp rule
Help with NOT NEAR dlp rule
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-18-2023 06:54 AM
How would you write the rule expression for this:
(P0) - Passwords (Contextual)
(C0) - Custom Passwords
(C1) - Custom Word 1
(C2) - Custom Word 2
I want to look for P0 or C0 as long as either is NOT NEAR C1 or C2. The UI doesn't let me build the write logic. Ideally, I think I would want this (which isn't allowed in the UI):
( P0 OR C0 ) NOT NEAR (C1 OR C2)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2023 11:48 AM
Hi @nduda ,
I think what you want is NOT (( P0 OR C0 ) NEAR (C1 OR C2))
Not sure, but hope it helps.
Regards,
Òscar
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2023 12:39 PM
No go. I don't think using NOT for this scenario is possible.
Invalid syntax in rule expression, check the position of the NEAR operator along with opening and closing parenthesis.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2023 01:31 AM
Hello @nduda , you're right.
I'm afraid this is the only way to achieve what you want:
(P0 NEAR P2) OR (P0 NEAR P3) OR (P1 NEAR P2) OR (P1 NEAR P3)
Don't know the performance impact of a DLP rule like this.... you may check with support or PPSS.
PS: likes are appreciated.
Regards,
Òscar
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2023 09:00 AM
This doesn't address the "NOT NEAR" though.
here is the real world use case. We have employees that like to communicate Zoom links with the password. If we just use any password detection DLP rule it will trigger on these. We don't want to trigger on if a password is present near a specific zoom URL (e.g. https://acme.zoom.us).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2023 01:30 PM
Hello @nduda ,
you're right. I forgot the negation. You just need to add a NOT before. The mistake was easy to spot:
NOT ( (P0 NEAR P2) OR (P0 NEAR P3) OR (P1 NEAR P2) OR (P1 NEAR P3) )
If I was you I would invest a abit of time on researching the docs and testing carefully instead of just asking for the solution, copy/pasting and responding "does not work". I didn't give you the solution but the idea was right. You just did not analyze it enough to see it.
Being polite and thankful also helps to build community and encourages people to keep helping each other. I hope you understand.
Said that, I hope it helped.
Kind regards,
Òscar
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Detecting Super-Admin OAuth Tokens in Google Workspace with Netskope SSPM in Security Posture Management
- ChatGPT broken with Netskope now in Cloud Access Security Broker (CASB)
- Referrer Allow Rule Not Working in Next Gen Secure Web Gateway (SWG)
- Reduction of Risk Dashboard in Advanced Analytics Dashboard
-
CASB
30 -
Netskope Agent
7 -
Client
7 -
DLP
6 -
API-Enabled Protection
6 -
API
5 -
NSClient
5 -
NG-SWG
4 -
netskope client
3 -
Real-time Policy
3 -
alerts
3 -
Unsanctioned apps
3 -
Upgrade
2 -
Real time policy
2 -
vpn
2 -
Threat Protection
2 -
MS Teams
2 -
steering
2 -
Sanctioned apps
2 -
update
2 -
policy
2 -
CCI
2 -
block
2 -
incidents
2 -
Troubleshooting
2 -
install
2 -
Collaboration
1 -
Support
1 -
roles
1 -
Messaging
1 -
steering exception
1 -
questions
1 -
policies
1 -
Privileges
1 -
version
1 -
IDC
1 -
Reports
1 -
Office 365
1 -
HTTP Header Profile
1 -
cisco
1 -
API Throttling
1 -
Next Gen SWG
1 -
APP instance
1 -
Real time protection
1 -
Webinar
1 -
Authentication
1 -
ssl
1 -
cloud update
1 -
storage
1 -
fedramp
1 -
Netskope
1 -
block IE11 traffic
1 -
ssl error
1 -
corrupted state
1 -
Winzip
1 -
SWG
1 -
MacOS
1 -
other
1 -
settings
1 -
certificate
1 -
Adobe
1 -
ztna
1 -
configuration
1 -
trust
1 -
Allowlist
1 -
NPA
1 -
private access
1 -
Managed apps
1 -
Netskope Endpoint Client
1 -
Unique Device ID
1 -
Zero Trust
1 -
VDI
1 -
Office365
1 -
Unmanaged apps
1 -
malware
1 -
google
1 -
Facebook
1 -
VMware
1 -
jumpcloud
1 -
security posture check
1 -
Messenger
1 -
Reporting
1 -
UPD errors and nsClientFLow
1 -
blockuploads
1 -
ServiceNow
1 -
Azure-AD
1 -
Compromised Credentials
1 -
application assessment request
1 -
GitHub
1 -
sku
1 -
Sharepoint
1 -
whatsapp app
1 -
steer traffic
1 -
data usage
1 -
APIv2
1 -
Onedrive
1 -
Netskope Client installation mechanism
1 -
AutoUpdate
1 -
Outlook
1 -
googledocs
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In