General

How to create a sensitive content DLP policy with Custom Regex in SysCloud?

Step 1: Login to SysCloud application < https://app1.syscloud.com/ThreatCenter.aspx?#/threatCenter/

If you are subscribed to both Backup and Security applications, you will be redirected to the backup dashboard, please click on "Safety, Security and Compliance" on the top navigation bar, else continue to step 2. 

Step 2: Click on 'Create Policy' under 'Safety, Security & Compliance' menu.. 

Step 3: You will be redirected to the 'Create Policy > DLP' page.  

Step 4: Hover on 'Sensitive content' policy card and click on 'Select Policy' 

Step 5: Name your policy and click on 'Next' 

Step 6: Click on 'Include' and choose Domains & Accounts, Users, Groups, Org Units, Shared Drive or pre-defined templates to define the policy scope.  

Note: Learn how to create a policy scope template. 

Step 7: Click on 'Exclude" if you wish to exclude specific Domains & Accounts, Users, Groups, Org Units or Shared Drive from the existing selection. Else click on "Next". 

Step 8: Select the services/applications to scan and click on "Next". 

Step 9: Choose 'Yes' if you want to apply this policy for all files, else choose 'No' to apply only for specific files, folders or MIME types. Alternatively, you can choose the criteria from a pre-defined template. Click on "Next" to continue. 

Step 10: Click on 'Add' and define the 'Content conditions' to check for. 

Step 11: Choose from the pre-defined content types or select 'Custom regex pattern' to define other search criteria. 

Pre-defined content types: You can choose from the pre-defined content types offered by SysCloud like Social Security Number, IP address, Credit card information etc from the drop-down and define high, medium & low risk thresholds for each content type. 

Custom regex pattern: Choose 'Custom regex pattern' from the Content type drop-down. Add the 'Description', 'Custom regex pattern', 'Affinity text (optional)' and define high, medium & low risk thresholds. Click on "Add" to continue.

Note: SysCloud supports PCRE flavor of regex. Learn how to create a custom regex pattern. 

Step 12: Click on 'Add More' to add more content conditions and repeat Step 11. 

or  

Click on "Create and Activate" to complete the policy creation. 

or 

Click on "Next" to define real-time actions, policy exceptions & incident notification settings and continue to Step 13. 

Step 13: Define the real-time actions to be taken on the flagged files. Click 'Create & Activate" to complete the policy creation or click on "Next" to continue. 

Step 14: Select how you would like to handle the exception requests. Click 'Create & Activate" to complete the policy creation or click on "Next" to continue. 

Step 15: Configure Incident reporting and communication settings for policy announcement and violations. Click 'Create & Activate" to complete the policy creation.