Creating Data Leak Prevention Rules

Only administrators with DLP privileges are able to create, modify, and delete DLP rules.

To create and edit DLP rules, follow the steps below:

  1. Access FileCloud's Admin portal > Governance > Smart DLP.

  2. To create a new rule, click Add DLP Rule.
    The Create Rule dialog box opens.

  3. Fill in the fields.
    • Rule Name: A name that identifies the DLP rule.
    • Affected User Actions: User actions that trigger the DLP rule (DOWNLOAD, SHARE, or LOGIN).
    • Rule Expression: Criteria for triggering the DLP rule. A minimum of one expression is required in order to create a DLP rule.
      You can either use the Rule Expression Builder to help you construct a rule expression or type it in manually using the Rule Expression Text Editor.
      For help using the Rule Expression Builder, see Create a rule with the rule expression builder, below.
      See a list of Rule Expressions.
    • DLP Action: Allow or Deny the user action if the parameters of the rule expression are triggered.
    • DLP Mode: If a rule is violated, whether or not the action will be prevented. Regardless of the mode, the system creates an audit log.
      Options are:
      • Enforce - (Default) The action will be prevented.
      • Permissive - The action will not be prevented.
    • Rule Notification: Message displayed to users when a rule is violated. Does not apply to log-in rules. 
      The following HTML tags are supported: <a>, <br>, and <p>. Only full URLs (those beginning with http:// or https://) can be rendered.
  4. Click Create.
    The rule appears in the DLP Rules table.



Create a rule with the rule expression builder

The Rule Expression Builder helps you ensure that your rules have the right parameters and correct formatting. The first example demonstrates how to use the expression builder to create a simple single-condition rule. The second example shows how to create a more complex rule that contains several conditions.


This rule blocks downloading of files with metadata indicating that they contain personal identification information (PII).

  1. Go to the DLP page and click Add DLP.
  2. In the Create Rule dialog box, enter a Rule Name, and choose DOWNLOAD in Affected User Actions.
  3. Click Rule Expression Builder.


    The Rule Expression Builder opens.
  4. Click ADD.

    You are given two choices: New Rule and New Rule Group.
  5. Since this is a simple rule, choose New Rule.
    Fields for creating a rule appear.
  6. The top field shows options based on the Affected User Action. Since the Affected User Action is DOWNLOAD, the options are Request, File, Metadata, and User.
  7. Choose Metadata.
  8. In the next field, choose exists, and in the last field, choose the metadata set and the parameter that indicates that the file contains PII.
    For this example, the metadata set is cce and the parameter is pii.
  9. Click Save, and then click Update.
  10. In the Rule Update dialog box, choose a DLP Action, DLP Mode, and optionally enter a Rule Notification, and click Create.
    The rule appears in the Smart DLP list.


This rule blocks downloading of a file that is either:

  • Sent from a user in the group User
    OR
  • Sent from a user in the group Manager and sent from the Server address 1.1.1.1.

  1. Go to the DLP page and click Add DLP.
  2. In the Rule Update dialog box, enter a Rule Name, and choose DOWNLOAD in Affected User Actions.
  3. Click Rule Expression Builder.
  4. Click Add.
    You are given two choices: New Rule and New Rule Group.
  5. To add the condition that only checks if the user is in the User group, choose New Rule.
  6. Fill the fields with User, in group, and Users.
  7. Click Save.
  8. Click ADD again.
  9. Since you are adding a two-condition rule, click New Rule Group.
    Clicking New Rule Group encloses the conditions that follow in parentheses and embeds them one level.
    You may embed up to four levels of rule groups.
  10. Choose the indented ADD directly under AND.
    Make sure you click the correct ADD link.


  11. Click New Rule.
  12. Fill in the fields with User, in group, and Managers.
  13. Click ADD directly under the fields for this condition, and choose New Rule.
  14. Enter the fields Request, ip equals, and 1.1.1.1.
  15. Click Save for each of the conditions.
  16. The rule expression is saved. 
  17. Since the expression is checking if one condition OR the other condition exists, change the top AND to OR.
  18. Click Update.
  19. Make sure your Rule Expression is correct, then fill in values for DLP Action, DLP Mode, and Rule Notification, and click Create.
    The rule appears in the Smart DLP list.
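
The logic of the compound rule above, modeled in Python as an added example: this is not FileCloud code and not FileCloud's rule expression syntax, and every function name and sample request is constructed. It shows which downloads a Deny rule blocks when the top operator is left as AND versus changed to OR in step 17, and assumes that a violation is audited in both modes but blocked only in Enforce mode.

```python
# Model of the second example's rule tree. Not FileCloud's expression syntax;
# every name here is hypothetical and the requests are constructed samples.

def in_group(name):
    return lambda req: name in req["groups"]

def ip_equals(addr):
    return lambda req: req["ip"] == addr

def evaluate(node, req):
    """node is a condition (callable) or a rule group: (operator, [children])."""
    if callable(node):
        return node(req)
    op, children = node
    results = [evaluate(child, req) for child in children]
    return all(results) if op == "AND" else any(results)

def build_rule(top_operator):
    # Steps 5-15: one plain condition plus one rule group holding two conditions.
    manager_group = ("AND", [in_group("Managers"), ip_equals("1.1.1.1")])
    return (top_operator, [in_group("Users"), manager_group])

def decide(rule, req, mode="Enforce"):
    """Deny rule: a matching expression is a violation. Returns (blocked, audited)."""
    violated = evaluate(rule, req)
    blocked = violated and mode == "Enforce"  # Permissive never prevents the action
    audited = violated                        # assumption: logged in either mode
    return blocked, audited

# Constructed sample download requests.
SAMPLES = {
    "user": {"groups": {"Users"}, "ip": "10.0.0.5"},
    "manager_at_1.1.1.1": {"groups": {"Managers"}, "ip": "1.1.1.1"},
    "manager_elsewhere": {"groups": {"Managers"}, "ip": "10.0.0.5"},
    "both_groups_at_1.1.1.1": {"groups": {"Users", "Managers"}, "ip": "1.1.1.1"},
}

def blocked_names(top_operator, mode="Enforce"):
    rule = build_rule(top_operator)
    return sorted(n for n, r in SAMPLES.items() if decide(rule, r, mode)[0])

if __name__ == "__main__":
    print("top AND:", blocked_names("AND"))            # before step 17
    print("top OR: ", blocked_names("OR"))             # after step 17
    print("Permissive:", blocked_names("OR", "Permissive"))
```

With the top operator left as AND, only a user who is in both groups and connects from 1.1.1.1 is blocked, which is why step 17 matters.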



If the Rule Expression is not valid, an error will be thrown. 

DLP crawlers run on all daily cron jobs and remove shares that violate any SHARE ENFORCE rules.