Using ICAP DLP with CCE

If you have integrated ICAP DLP with FileCloud, you can create a content classification rule that flags files, thereby enabling DLP to prevent downloading or sharing of those files.

To set up your system to use ICAP DLP with CCE:

  1. In ePolicy Orchestrator, add rules for flagging files to block from downloads or shares. 
    For example if file contains 10 or more bank account numbers, flag it for blocking (since it may be a data leak).
  2. Add custom metadata that can be set to true or false depending on whether or not McAfee authorizes the file. For example add the metadata parameter dlp-allowed with possible values of true and false.
  3. Set up a FileCloud CCE rule that uses the classifier IcapDLP. The CCE rule is applied each time a file is uploaded. It sets dlp-allowed to true or false depending on whether or not McAfee authorizes it.
    1. To go to the Manage Content Classification Rules screen, in the Admin portal navigation panel, click Smart Classification.
    2. Click Add rule.
      The Add rule dialog box opens.
    3. In Name, enter a name for the rule.
    4. In Event triggers, enter ADDFILE,UPDATEFILE.
    5. In Definition, enter a rule similar to:

       

      {
          "classifier": "IcapDLP",
          "precondition": "true",
          "condition": "count(_classifications) > 0",
          "matchaction": {
              "DLP allowed": {
                  "dlp-allowed": "false"
              }
          },
          "defaultaction": {
              "DLP allowed": {
                  "dlp-allowed": "true"
              }
          },
          "parameters": []
      }

    6. Click Save.



      Now, in FileCloud Smart DLP, add rules that prevent download or sharing for files with the dlp-allowed metadata parameter set to false.