This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask the community

DLP is not working for CSV, TXT, JPG & PNG

Go to solution
Indu
Partner
Partner

‎07-26-2023 01:41 AM

Hi Community Team,

 

A DLP policy with PCI-DSS profile is placed as top-rule to identify sensitive information in upload & download activities. It is working as expected only with DOCX files. This policy is not working with CSV, TXT, JPG & PNG files. When uploading CSV/TXT files, the policy is not even being hit. I would like enquire with Netskope community if anyone has noticed such issue and how they fixed it.

 

Thanks.

Labels:
0 Likes
1 Solution
Go to solution
Indu
Partner
Partner

‎07-31-2023 11:28 PM

The fix is to apply to DLP-PCI and DLP-PII instead of Payment Card Industry Data Security Standard (PCI-DSS) profile. It is strange behavior and weird fix, but policy is now identifying TXT and CSV files.

View solution in original post

0 Likes
5 Replies 5
Go to solution
0x114
Partner
Partner

‎07-27-2023 12:42 PM

Hard to say without any screenshots. Do you have a file profile configured in your DLP profile that could be limiting the rule to specific extensions/file types?

0 Likes
Go to solution
ryans
Netskope
Netskope

‎07-27-2023 04:58 PM

Is this for inline Real-time Protection Policy or API Enabled Protection policy? JPG and PNG formats require OCR which is not currently generally available for RTP. API OCR scanning has certain licensing requirements and is limited to 4MB file size on supported types (BMP, JPG, PNG, and TIFF).

 

As for the CSV, @0x114 makes a good point in that it's hard to advise without seeing your actual config. 

Go to solution
Indu
Partner
Partner
In response to ryans

‎07-30-2023 09:23 PM - edited ‎07-30-2023 09:25 PM

Hi @ryans, & @0x114 

we confirmed that JPG & PNG need advanced DLP license, hence not working.

Inspection of CSV & TXT files should work with Standard DLP license, but it is still not working as expected.

We are using RTP (real-time protection policy).

We are using default Payment Card Industry Data Security Standard (PCI-DSS) profile. It doesn't have specific file type extension and hence it should apply to all files.

Here is the copy of the policy.

 

Indu_0-1690777400188.png

 

Thanks.

 

0 Likes
Go to solution
Indu
Partner
Partner

‎07-31-2023 11:28 PM

The fix is to apply to DLP-PCI and DLP-PII instead of Payment Card Industry Data Security Standard (PCI-DSS) profile. It is strange behavior and weird fix, but policy is now identifying TXT and CSV files.

0 Likes
Go to solution
ryans
Netskope
Netskope

‎08-01-2023 05:37 AM

@Indu it sounds like your sample data wasn't matching how the rules are defined in the Payment Card Industry Data Security Standard (PCI-DSS) profile. You can look at your DLP Incident details to see what rule was violated in the DLP-PCI profile. My guess is that same rule isn't in Payment Card Industry Data Security Standard (PCI-DSS) or if it is, it's defined slightly differently. 

 

I suggest you review how the DLP rules are built between the two to profiles to better understand the detection logic. The context used in DLP-PCI is a bit more broad in terms of what identifiers are used and what context is matched within those rules. When dealing with structured data such as spreadsheets you should also consider if "record based scanning" and setting Global Identifiers is required. 

0 Likes
Subscribe
Top Liked Authors
Show More

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In