Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
17-35
Cisco AsyncOS 8.5.5 for Email Security User Guide
Chapter 17 Data Loss Prevention
Message Actions
Before You Begin
•
For deployments with RSA Enterprise Manager: You can configure either the Email Security
appliance (Message Actions page) or Enterprise Manager (DLP policies) to send DLP violation
notifications to users. To prevent duplicate notifications, set up notifications using one or the other,
but not both.
appliance (Message Actions page) or Enterprise Manager (DLP policies) to send DLP violation
notifications to users. To prevent duplicate notifications, set up notifications using one or the other,
but not both.
•
Familiarize yourself with the
. You can
use these variables to customize the notification with specific details about each violation.
Procedure
Step 1
Select Mail Policies > Text Resources.
Step 2
Click Add Text Resource.
Step 3
For Type, select DLP Notification Template.
DLP variables are not available for the plain Notification template.
Step 4
Enter notification text and variables.
The notification should inform its recipients that an outgoing message may contain sensitive data that
violates your organization’s data loss prevention policies.
violates your organization’s data loss prevention policies.
What To Do Next
Specify this DLP notification template in a Message Action in a DLP policy in the DLP Policy Manager.
DLP Notification Template Variable Definitions
Use the following variables to include specific information about each DLP violation in the notification.
Variable Substituted
With
$DLPPolicy
Replaced by the name of the email DLP policy violated.
$DLPSeverity
Replaced by the severity of violation. Can be “Low,” “Medium,”
“High,” or “Critical.”
“High,” or “Critical.”
$DLPRiskFactor
Replaced by the risk factor of the message’s sensitive material
(score 0 - 100).
(score 0 - 100).
$To
Replaced by the message To: header (not the Envelope
Recipient).
Recipient).
$From
Replaced by the message From: header (not the Envelope
Sender).
Sender).
$Subject
Replaced by the subject of the original message.
$Date
Replaced by the current date, using the format MM/DD/YYYY.
$Time
Replaced by the current time, in the local time zone.
$GMTimestamp
Replaced by the current time and date, as would be found in the
Received: line of an email message, using GMT.
Received: line of an email message, using GMT.
$MID
Replaced by the Message ID, or “MID” used internally to
identify the message. Not to be confused with the RFC822
“Message-Id” value (use $Header to retrieve that).
identify the message. Not to be confused with the RFC822
“Message-Id” value (use $Header to retrieve that).