Cisco Cisco Email Security Appliance C650 Guía Del Usuario
15-15
Cisco AsyncOS 8.0.2 for Email User Guide
Chapter 15 Data Loss Prevention
DLP Policies for RSA Email DLP
Examples of Regular Expressions for Identifying Identification Numbers
Simple regular expressions that describe patterns of numbers and letters in identification or account
numbers might look like the following:
numbers might look like the following:
•
An 8-digit number:
\d{8}
•
Identification code with hyphens between sets of numbers:
\d{3}-\d{4}-\d
•
Identification code that begins with a single letter that can be upper or lower case:
[a-zA-Z]\d{7}
•
Identification code that begins with three digits and is followed by nine uppercase letters:
\d{3}[A-Z]{9}
•
Using
|
to define two different number patterns to search for:
\d{3}[A-Z]{9}|\d{2}[A-Z]{9}-\d
Using Custom Dictionaries of Sensitive DLP Terms (Custom DLP Policies Only)
AsyncOS comes with a set of predefined dictionaries from RSA Security Inc., but you can also create
custom DLP dictionaries to specify terms for the DLP scanning feature to match.
custom DLP dictionaries to specify terms for the DLP scanning feature to match.
You can create a custom DLP dictionary in several ways:
•
Backslash special characters (
\
)
The backslash character escapes special characters. Thus the
sequence
sequence
\.
only matches a literal period, the sequence
\$
only matches a literal dollar sign, and the sequence
\^
only
matches a literal caret symbol.
The backslash character also begins tokens, such as
\d
.
Important Note: The backslash is also a special escape
character for the parser. As a result, if you want to include a
backslash in your regular expression, you must use two
backslashes — so that after parsing, only one “real”
backslash remains, which is then passed to the regular
expression system.
character for the parser. As a result, if you want to include a
backslash in your regular expression, you must use two
backslashes — so that after parsing, only one “real”
backslash remains, which is then passed to the regular
expression system.
\d
Token that matches a digit (
0
-
9
). To match more than one
digit, enter an integer in
{}
to define the length of the number.
For example,
\d
matches only a single digit such as
5
, but not
55
. Using
\d{2}
matches a number consisting of two digits,
such as
55
, but not
5
.
Number of repetitions
{min,max}
The regular expression notation that indicates the number of
repetitions of the previous token is supported.
repetitions of the previous token is supported.
For example, the expression “
\d{8}
” matches
12345678
and
11223344
but not
8
.
Or (
|
)
Alternation, or the “or” operator. If A and B are regular
expressions, the expression “
expressions, the expression “
A|B
” will match any string that
matches either “A” or “B.” Can be used to combine number
patterns in a regular expression.
patterns in a regular expression.
For example, the expression “
foo|bar
” will match either
foo
or
bar
, but not
foobar
.
Element Description