Ask the community

DLP is not working for CSV, TXT, JPG & PNG

Indu
Partner
Partner

Hi Community Team,

 

A DLP policy with PCI-DSS profile is placed as top-rule to identify sensitive information in upload & download activities. It is working as expected only with DOCX files. This policy is not working with CSV, TXT, JPG & PNG files. When uploading CSV/TXT files, the policy is not even being hit. I would like enquire with Netskope community if anyone has noticed such issue and how they fixed it.

 

Thanks.

1 Solution
Indu
Partner
Partner

The fix is to apply to DLP-PCI and DLP-PII instead of Payment Card Industry Data Security Standard (PCI-DSS) profile. It is strange behavior and weird fix, but policy is now identifying TXT and CSV files.

View solution in original post

5 Replies 5
0x114
Partner
Partner

Hard to say without any screenshots. Do you have a file profile configured in your DLP profile that could be limiting the rule to specific extensions/file types?

ryans
Netskope
Netskope

Is this for inline Real-time Protection Policy or API Enabled Protection policy? JPG and PNG formats require OCR which is not currently generally available for RTP. API OCR scanning has certain licensing requirements and is limited to 4MB file size on supported types (BMP, JPG, PNG, and TIFF).

 

As for the CSV, @0x114 makes a good point in that it's hard to advise without seeing your actual config. 

Hi @ryans, & @0x114 

we confirmed that JPG & PNG need advanced DLP license, hence not working.

Inspection of CSV & TXT files should work with Standard DLP license, but it is still not working as expected.

We are using RTP (real-time protection policy).

We are using default Payment Card Industry Data Security Standard (PCI-DSS) profile. It doesn't have specific file type extension and hence it should apply to all files.

Here is the copy of the policy.

 

Indu_0-1690777400188.png

 

Thanks.

 

Indu
Partner
Partner

The fix is to apply to DLP-PCI and DLP-PII instead of Payment Card Industry Data Security Standard (PCI-DSS) profile. It is strange behavior and weird fix, but policy is now identifying TXT and CSV files.

ryans
Netskope
Netskope

@Indu it sounds like your sample data wasn't matching how the rules are defined in the Payment Card Industry Data Security Standard (PCI-DSS) profile. You can look at your DLP Incident details to see what rule was violated in the DLP-PCI profile. My guess is that same rule isn't in Payment Card Industry Data Security Standard (PCI-DSS) or if it is, it's defined slightly differently. 

 

I suggest you review how the DLP rules are built between the two to profiles to better understand the detection logic. The context used in DLP-PCI is a bit more broad in terms of what identifiers are used and what context is matched within those rules. When dealing with structured data such as spreadsheets you should also consider if "record based scanning" and setting Global Identifiers is required. 

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In