Multiple DLP Actions

Each affected user action requires its own individual DLP rule. For instance, if an admin wanted to use the same Rule Expressions to control both DOWNLOAD and SHARE, two rules using the same Rule Expressions would be required.

DLP crawlers run on all daily cron jobs and remove shares that violate any SHARE ENFORCE rules.


 Read how to create your own DLP rules

 Learn more about DLP Rule Expressions

Columns: Objective, Affected User Action, Rule Expressions, Example Rule, DLP Action, Result

Objective: Control download of files
Affected User Action: DOWNLOAD
Rule Expressions:
  • _file.path
  • _file.pathStartsWith
Example Rule:
  _file.path == '/myuser/mydir/myfile.pdf'
  OR
  _file.pathStartsWith('/myuser/mydir')
DLP Action: DENY
Result: Users cannot download files from the path expressed in the rule.

Objective: Control downloads and shares of files based on metadata
Affected User Action: DOWNLOAD, SHARE
Rule Expressions:
  • _metadata.exists('metadataValue')
  • _metadata.existsWithValue(metadataValue, value)
  • _metadata.existsWithValueInArray(metadataValue, value)
  • _metadata.existsWithCondition(metadataValue, operator, value)
  Note: The metadata set and the attribute specified cannot contain periods within their names. For example, cce.pii is valid, but cce.x.pii.y is not valid.
Example Rule:
  _metadata.exists('cce.pii')
  OR
  _metadata.existsWithValue('content.category', 'confidential')
  OR
  _metadata.existsWithValueInArray('content.categories', 'pii')
  OR
  _metadata.existsWithCondition('content.Risk Level', '>', 6)
DLP Action: ALLOW
Result: Users can download and share files with associated metadata.

Objective: Control login/access and downloading of files based on IP/Device/IP Range/country code
Affected User Action: DOWNLOAD, LOGIN
Rule Expressions:
  • _request.remoteIp
  • _request.agent
  • _request.inIpv4Range(lowIp, highIp)
  • _request.remoteCountryCode
  • _request.inIpV4CdirRange(cdirRange)
Example Rule:
  _request.remoteIp == '43.12.45.78'
  OR
  _request.agent == 'Unknown'
  OR
  _request.inIpv4Range('138.204.26.1', '138.204.26.254')
  OR
  _request.remoteCountryCode == 'US'
  OR
  _request.inIpV4CdirRange('10.2.0.0/16')
DLP Action: DENY
Result: Users from the given IP, agent, IP range, country code, or CIDR IP range will not be permitted to log in or download.

Objective: Control login/access, downloading and sharing of files based on user attributes
Affected User Action: DOWNLOAD, LOGIN, SHARE
Rule Expressions:
  • _user.username
  • _user.email
  • _user.userType
  • !_user.inGroup
  • _user.isMasterAdmin
Example Rule:
  _user.username == 'FileCloudUser1'
  OR
  _user.email == 'john.Doe@mail.com'
  OR
  _user.userType == 'Guest Access'
  OR
  !_user.inGroup('managers')
  OR
  _user.isMasterAdmin
  DLP Action: ALLOW/DENY
DLP Action: ALLOW
Result: Users with the given username, email address, or user type, any user not in the group 'managers', and the master admin will be permitted to log in, download, and share files.

Objective: Control file sharing
Affected User Action: DOWNLOAD, SHARE
Rule Expressions:
  • _share.path
  • _share.public
  • _share.allowedUsers
  • _share.allowedGroups
  • _share.hasUsersFromDomain(domain)
  • _share.onlyUsersFromDomain(domain)
  • _share.pathStartsWith(start)
  • _share.pathContains(text)
  • _share.pathMatches(pattern)
  Note: _share.pathMatches(pattern) supports the wildcards:
   `*` - any sequence of characters
   `#` - a single character
Example Rule:
  Rule Expression:
  _share.public
  OR
  _share.allowedUsers
  OR
  _share.allowedGroups
  OR
  _share.hasUsersFromDomain('gmail.com')
  OR
  _share.onlyUsersFromDomain('mycompany.com')
  OR
  _share.pathStartsWith('/myuser/mydir')
  OR
  _share.pathContains('sometext')
  OR
  _share.pathMatches('*sometext*')
DLP Action: ALLOW
Result: Select users, select groups, and users coming from a particular domain can access a specified or matching path.

Objective: Control file download and login combinations
Affected User Action: DOWNLOAD, LOGIN
Rule Expressions:
  • !_user.inGroup
  • _metadata.existsWithValue
  • _request.remoteIp
Example Rule:
  Rule Expression:
  !_user.inGroup('superadmin') and _metadata.existsWithValue('PII.Confidentiality Level', 'HIGH')
  OR
  _user.inGroup('external') or _request.remoteIp in ['45.45.45.1', '45.45.45.2', '45.45.45.7']
  DLP Action: ALLOW/DENY
DLP Action: DENY
Result: Users in the given groups or IP ranges will not be able to download files or access paths with the given metadata (in this case, a HIGH value for the attribute 'PII.Confidentiality Level').

Objective: Control sharing based on domain of user doing the sharing
Affected User Action: SHARE
Rule Expressions:
  • _user.isEmailInDomain(domainsToCheck)
Example Rule:
  Rule Expression:
  _user.isEmailInDomain('example.com', 'mail.com')
DLP Action: ALLOW
Result: Users with one of the specified email domains are permitted to share files.
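
The metadata naming note and the `_share.pathMatches` wildcards listed above can be checked offline before a rule is saved. The following Python is an added example, not FileCloud code: the function names are hypothetical, the sample paths are constructed, and it assumes a pattern must match the whole path, case-sensitively.

```python
import re

# First quoted argument of any _metadata.* call in a rule expression.
_METADATA_ARG = re.compile(r"_metadata\.\w+\(\s*'([^']*)'")

def metadata_key_problems(expression):
    """Return metadata references that break the page's naming note.

    Set and attribute names may not contain periods, so a reference such as
    'cce.pii' has one period; 'cce.x.pii.y' has more and is rejected.
    """
    return [key for key in _METADATA_ARG.findall(expression)
            if key.count(".") > 1]

def path_pattern_to_regex(pattern):
    """Translate a pathMatches pattern: '*' any sequence, '#' one character."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "#":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # everything else is literal
    return re.compile("".join(parts), re.DOTALL)

def paths_matched(pattern, paths):
    """Dry run: which paths would the pattern cover?

    Assumption (not stated on the page): the pattern must match the whole
    path and matching is case-sensitive.
    """
    rx = path_pattern_to_regex(pattern)
    return [p for p in paths if rx.fullmatch(p)]

# Constructed sample share paths, for illustration only.
SAMPLE_PATHS = [
    "/myuser/mydir/sometext.pdf",
    "/myuser/mydir/file1.pdf",
    "/myuser/mydir/file12.pdf",
    "/team/sometext/notes.txt",
]

if __name__ == "__main__":
    print(metadata_key_problems("_metadata.exists('cce.x.pii.y')"))
    print(paths_matched("*sometext*", SAMPLE_PATHS))
    print(paths_matched("/myuser/mydir/file#.pdf", SAMPLE_PATHS))
```

Running a candidate pattern against an export of existing share paths shows how many shares an enforced SHARE rule would cover before the crawler acts on it.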