Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
11-25
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 11 Data Loss Prevention
Examples of Regular Expressions for DLP
The primary case for using regular expressions in content matching classifiers is to detect specific
account, patient, or student identification numbers. These are usually simple regular expressions that
describe patterns of numbers and letters. For example:
account, patient, or student identification numbers. These are usually simple regular expressions that
describe patterns of numbers and letters. For example:
•
An 8-digit number:
\d{8}
•
Identification code with hyphens between sets of numbers:
\d{3}-\d{4}-\d
•
Identification code that begins with a single letter that can be upper or lower case:
[a-zA-Z]\d{7}
•
Identification code that begins with three digits and is followed by nine uppercase letters:
\d{3}[A-Z]{9}
•
Using
|
to define two different number patterns to search for:
\d{3}[A-Z]{9}|\d{2}[A-Z]{9}-\d
Note
Regular expressions are case sensitive, so they should include upper and lower case, such as
[a-zA-Z]
.
If only certain letters are used, you can define the regular expression accordingly.
The less specific the pattern, such as an 8-digit number, the more likely you will want the policy to search
for additional words and phrases to distinguish a random 8-digit number from an actual customer
number.
for additional words and phrases to distinguish a random 8-digit number from an actual customer
number.
Advanced RSA Email DLP Policy Customization
If the available RSA Email DLP policy templates do not meet the unique requirements of your
organization, a number of options are available for creating your own DLP policies from scratch. These
options include:
organization, a number of options are available for creating your own DLP policies from scratch. These
options include:
•
Creating your own DLP policy using the Custom Policy Template
•
Creating your own classifiers to use in a custom policy
•
Creating and importing your own DLP dictionaries to use in a custom policy
Note
These options are advanced and should only be used in cases where predefined settings do not meet your
organization’s needs.
organization’s needs.
Number of repetitions
{min,max}
The regular expression notation that indicates the number of
repetitions of the previous token is supported.
repetitions of the previous token is supported.
For example, the expression “
\d{8}
” matches
12345678
and
11223344
but not
8
.
Or (
|
)
Alternation, or the “or” operator. If A and B are regular expressions,
the expression “
the expression “
A|B
” will match any string that matches either “A” or
“B.” Can be used to combine number patterns in a regular expression.
For example, the expression “
foo|bar
” will match either
foo
or
bar
,
but not
foobar
.
Table 11-2
Regular Expression in Classifiers