Skip to content

Configure a Data Loss Prevention Rule

Some features might not be available for all customers yet.

Note

SophosLabs can independently control the file types included in Data Loss Prevention (DLP). They may add or remove certain file types to provide the best protection.

You can set up the conditions for monitored files, file types, destinations, and exclusions for a DLP rule.

The conditions you set depend on whether you are creating a File rule or a Content rule.

Restriction

These DLP rules are different from email data control policies. For information on email data control policies, see Data control policy.

To configure a DLP rule, do as follows:

  1. Set up the rule conditions.

    • To set up conditions for a content rule, do as follows:

      1. On the Content Rule Configuration page, click File Contains.
      2. (Optional) Search from the list of existing CCLs.
      3. Filter the existing CCLs by Type, Source, and Region. See Content rule filter.

        Note

        You can also create a new CCL. For more information on creating a custom rule, see Create Custom Content Control List.

      4. Select the CCLs that you want to use.

      5. Set the number of matches for the selected CCLs.

        The number of matches defines how many times a condition must be met before the rule is triggered. For example, if you set the number of matches to 2, the content rule will only trigger after the selected CCL is matched twice within the file.

        Note

        Setting the appropriate number of matches depends on how strict you want the rule to be. Lower values trigger the rule more easily, while higher values provide more tolerance before the content rule is triggered.

    • To set up conditions for a file rule, do as follows:

      1. On the File Rule Configuration page, click File types or File names.

        The conditions depend on whether you choose to match against a file type or a file name.

      2. For File types, select the file types that you want your rule to monitor.

      3. For File names, enter the name of the files that you want your rule to monitor and click Add.
  2. Click Destination is and select the destinations that you want your rule to monitor.

  3. Set the exclusion details for the rule.

    Note

    The file types you select and file names you enter won't be monitored by your rule.

    • For File types, do as follows:

      1. Click File types.
      2. Select the file types that you want your rule to monitor.
    • For File names, do as follows:

      1. Click File names.
      2. Enter the name of the files that you want to exclude.
      3. Click Add.
  4. Click Finish to create the rule.

Content rule filter

You can filter the CCLs by both region and type. For example, select New Zealand as your region and then select Recommended as your type. You'll see a list of recommended CCLs specific to New Zealand.

There are two types that we also want you to look at.

  • Recommended: Displays CCLs that are suggested as the default selection for that region. We suggest you select the recommended CCLs for the specific region you've chosen.
  • Deprecated: Displays CCLs that are no longer supported. Deprecated CCLs will only appear when using the Deprecated filter or when no filters are applied.

Deprecated and recommended CCLs.

Note

Deprecated CCLs are obsolete, and functionalities may be reduced over time. However, any policies that use the deprecated CCLs remain activated. You can still access and add these CCLs to Data control policies. For more information on Data control policies, see Data control policy.