Example Rules

Multiple DLP Actions

Each affected user action requires its own individual DLP rule. For instance, if an admin wanted to use the same Rule Expressions to control both DOWNLOAD and SHARE, two rules using the same Rule Expressions would be required.

DLP crawlers run on all daily cron jobs and remove shares that violate any SHARE ENFORCE rules.


 Read how to create your own DLP rules

 Learn more about DLP Rule Expressions

Objective | Affected User Action | Rule Expressions | Example Rule Expression | DLP Action | Result

Control download of files

DOWNLOAD
  • _file.path
  • _file.pathStartsWith
  • _file.ext
  • _file.pathContains
  • _file.pathMatches
  • _file.fileNameContains
_file.path == '/myuser/mydir/myfile.pdf'

OR

_file.pathStartsWith('/myuser/mydir')

OR

_file.ext == 'pdf'

OR

_file.pathContains('/myuser/mydir')

OR

_file.pathMatches('/myuser/mydir')

OR

_file.fileNameContains('mrn')

DENY

Users cannot download files from the path expressed in the rule, or files with the given extension or with the given term in the filename.

Control downloads and shares of files based on metadata



DOWNLOAD

SHARE


  • _metadata.exists('metadataValue')
  • _metadata.existsAll('metadataValue')
  • _metadata.existsWithValue(metadataValue, value)
  • _metadata.existsWithValueInArray(metadataValue, value)
  • _metadata.existsWithCondition(metadataValue, operator, value)

Note: The metadata set and the attribute specified cannot contain periods within their names. For example, cce.pii is valid, but cce.x.pii.y is not valid.

_metadata.exists('cce.pii')

OR

_metadata.existsAll('cce.pii')


OR

_metadata.existsWithValue('content.category', 'confidential')

OR

_metadata.existsWithValueInArray('content.categories', 'pii')

OR

_metadata.existsWithCondition('content.Risk Level', '>', 6)


ALLOW

Users can download and share files with associated metadata.

Control login/access and downloading of files based on IP/Device/IP Range/country code

DOWNLOAD

LOGIN

  • _request.remoteIp
  • _request.agent
  • _request.inIpv4Range(lowIp, highIp)
  • _request.remoteCountryCode
    Note: To use this expression, the Show Geo IP Chart setting in the Settings > Admin screen must be set to TRUE.
  • _request.inIpV4CidrRange(cidrRange)

_request.remoteIp == '43.12.45.78'

OR

_request.agent == 'Unknown'

OR

_request.inIpv4Range('138.204.26.1', '138.204.26.254')

OR

_request.remoteCountryCode == 'US'


OR 

_request.inIpV4CidrRange('10.2.0.0/16')

DENY

Users from the given IP, agent, IP range, country code, or CIDR IP range will not be permitted to log in or download.

LOGIN
  • _request.isAdminLogin 

_request.isAdminLogin

DENY

If the

Control login/access, downloading and sharing of files based on user attributes

DOWNLOAD

LOGIN

SHARE

  • _user.username
  • _user.email
  • _user.userType
  • !_user.inGroup
  • _user.isMasterAdmin

_user.username == 'FileCloudUser1'

OR

_user.email == 'john.Doe@mail.com'

OR

_user.userType == 'Guest Access'

OR

!_user.inGroup('managers')

OR

_user.isMasterAdmin


DLP Action:

ALLOW/DENY



ALLOW

Users with the given username, email address, or user type, any user not in the group 'managers', and the master admin are permitted to log in and to download and share files.

Control file sharing

DOWNLOAD

SHARE

  • _share.path
  • _share.public
  • _share.onlyAllowedEmails
  • _share.allowedUsers
  • _share.allowedGroups
  • _share.hasUsersFromDomain(domain)
  • _share.onlyUsersFromDomain(domain)
  • _share.pathStartsWith(start)
  • _share.pathContains(text)
  • _share.pathMatches(pattern)

Note: _share.pathMatches(pattern) supports the wildcards:

   `*` - any sequence of characters
   `#` - a single character

Rule Expression: 

_share.public

OR

_share.onlyAllowedEmails

OR

_share.allowedUsers

OR

_share.allowedGroups

OR

_share.hasUsersFromDomain('gmail.com')

OR

_share.onlyUsersFromDomain('mycompany.com')

OR

_share.pathStartsWith('/myuser/mydir')

OR

_share.pathContains('sometext')

OR

_share.pathMatches('*sometext*')



ALLOW

Select users, select groups, and users coming from a particular domain can access a specified or matching path.
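
The following is an added example, not FileCloud code: a Python model of the `*` and `#` wildcards described for _share.pathMatches, used to check a pattern against sample paths before it goes into a rule. It assumes the pattern must cover the whole path and that matching is case-sensitive, neither of which this page states; the function names and sample paths are constructed.

```python
import re

def compile_path_pattern(pattern):
    """Translate a pathMatches-style pattern: '*' = any sequence, '#' = one character."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "#":
            parts.append(".")
        else:
            parts.append(re.escape(ch))  # '.', '+', '(' and similar stay literal
    return re.compile("".join(parts), re.DOTALL)

def path_matches(path, pattern):
    # Assumption: the pattern has to match the entire path, not a substring.
    return compile_path_pattern(pattern).fullmatch(path) is not None

def audit(pattern, paths, intended):
    """Compare what the pattern matches with the set of paths the rule is meant to cover."""
    matched = {p for p in paths if path_matches(p, pattern)}
    return {"missed": sorted(intended - matched),
            "overmatched": sorted(matched - intended)}

SAMPLE_PATHS = [  # constructed sample paths
    "/myuser/mydir/report-Q1.pdf",
    "/myuser/mydir/report-Q12.pdf",
    "/myuser/mydir/archive/report-Q1.pdf",
    "/myuser/mydir/report-Q1.pdf.bak",
    "/myuser/mydir/report-Q1xpdf",
]

if __name__ == "__main__":
    intended = {"/myuser/mydir/report-Q1.pdf"}
    for pattern in ("/myuser/mydir/report-Q#.pdf",
                    "/myuser/mydir/*report-Q#.pdf",
                    "*report-Q*"):
        print(pattern, audit(pattern, SAMPLE_PATHS, intended))
```

Because `*` stands for any sequence of characters, it also spans directory separators, so the second and third patterns reach into subfolders that the first pattern does not.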



Control file download and login combinations

DOWNLOAD

LOGIN

  • !_user.inGroup
  • _metadata.existsWithValue
  • _request.remoteIp
  • _request.isAdminLogin
  • !_request.inIpV4CidrRange
Rule Expression: 

!_user.inGroup('superadmin') and _metadata.existsWithValue('PII.Confidentiality Level', 'HIGH')



OR

_user.inGroup('external') or _request.remoteIp in ['45.45.45.1', '45.45.45.2', '45.45.45.7']

OR

_request.isAdminLogin && !_request.inIpV4CidrRange('10.2.0.0/16')    


DLP Action:
ALLOW/DENY



DENY

Users in (or not in) the given groups or IP ranges will not be able to download files or access paths with the given metadata (in this case, a HIGH value for the attribute 'PII.Confidentiality Level').

OR

Users logging into the admin portal in the given IP range will not be able to download files or log in.
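
The following is an added example, not FileCloud code: a Python model of two of the combined expressions above (the admin-login CIDR check and the group-or-IP-list check), evaluated against constructed requests to see which ones each expression is true for. The Request class, the function names and the sample addresses are assumptions made for illustration, as is treating both endpoints of inIpv4Range as inclusive.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    """Constructed stand-in for the _request/_user values a rule sees."""
    remote_ip: str
    is_admin_login: bool = False
    groups: frozenset = frozenset()

def in_ipv4_cidr_range(ip, cidr):
    # strict=True rejects a CIDR with host bits set, e.g. '10.2.0.1/16'.
    return ipaddress.IPv4Address(ip) in ipaddress.IPv4Network(cidr, strict=True)

def in_ipv4_range(ip, low, high):
    # Assumption: both endpoints are part of the range.
    addr = ipaddress.IPv4Address
    return addr(low) <= addr(ip) <= addr(high)

# Model of: _request.isAdminLogin && !_request.inIpV4CidrRange('10.2.0.0/16')
def admin_outside_cidr(req):
    return req.is_admin_login and not in_ipv4_cidr_range(req.remote_ip, "10.2.0.0/16")

# Model of: _user.inGroup('external') or _request.remoteIp in [...]
def external_or_listed(req):
    listed = ("45.45.45.1", "45.45.45.2", "45.45.45.7")
    return "external" in req.groups or req.remote_ip in listed

RULES = [("admin_outside_cidr", admin_outside_cidr),
         ("external_or_listed", external_or_listed)]

def matching_rules(req):
    """Names of the modelled expressions that evaluate to true for req."""
    return [name for name, rule in RULES if rule(req)]

if __name__ == "__main__":
    samples = [  # constructed requests
        Request("10.2.255.255", is_admin_login=True),
        Request("10.3.0.1", is_admin_login=True),
        Request("203.0.113.9"),
        Request("45.45.45.2", groups=frozenset({"staff"})),
        Request("10.2.0.5", groups=frozenset({"external"})),
    ]
    for r in samples:
        print(r.remote_ip, r.is_admin_login, sorted(r.groups), matching_rules(r))
```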
Control sharing based on domain of user doing the sharing

SHARE

  • _user.isEmailInDomain(domainsToCheck)
Rule Expression: 

_user.isEmailInDomain('example.com', 'mail.com')

ALLOW

Users with one of the specified email domains are permitted to share files.