Cisco Cisco Email Security Appliance C170 Guía Del Usuario
Chapter 11 Data Loss Prevention
11-14
Cisco IronPort AsyncOS 7.5 for Email Configuration Guide
OL-25136-01
Filtering Attachments
You can limit the DLP policy to messages with specific attachment types.
Attachments are first extracted using AsyncOS’s content scanning engine and
then the content of the attachment is scanned by the RSA Email DLP scanning
engine. The appliance provides a number of predefined file types for scanning, but
you can also specify file types that are not listed. If you specify a file type that is
not predefined, AsyncOS searches for the file type based on the attachment’s
extension. You can limit RSA Email DLP scanning to attachments with a
minimum file size in bytes.
Attachments are first extracted using AsyncOS’s content scanning engine and
then the content of the attachment is scanned by the RSA Email DLP scanning
engine. The appliance provides a number of predefined file types for scanning, but
you can also specify file types that are not listed. If you specify a file type that is
not predefined, AsyncOS searches for the file type based on the attachment’s
extension. You can limit RSA Email DLP scanning to attachments with a
minimum file size in bytes.
Filtering by Message Tag
If you want to limit a DLP policy to scanning messages containing a specific
phrase, you can use a message or content filter to search outgoing messages for
the phrase and insert a custom message tag into the message. When creating a
DLP policy, select the message tags you want to use for filtering outgoing
messages. For more information, see
phrase, you can use a message or content filter to search outgoing messages for
the phrase and insert a custom message tag into the message. When creating a
DLP policy, select the message tags you want to use for filtering outgoing
messages. For more information, see
and the
“Using Message Filters to Enforce Mail Policies” in the Cisco IronPort AsyncOS
for Email Advanced Configuration Guide.
for Email Advanced Configuration Guide.
Setting the Severity Levels
If RSA Email DLP scanning engine detects a DLP violation, it calculates a risk
factor score that represents the severity of the violation, ranging from 0 to 100.
The policy compares the risk factor score to the Severity Scale. The Severity Scale
includes five severity levels: Ignore, Low, Medium, High, and Critical. The
severity level determines the actions taken on the message. By default, all severity
levels (except Ignore) inherit the settings of the higher severity level; the High
severity level inherits the settings from Critical, Medium inherits from High, and
Low inherits from Medium. You can edit the level to specify different actions for
different severities.
factor score that represents the severity of the violation, ranging from 0 to 100.
The policy compares the risk factor score to the Severity Scale. The Severity Scale
includes five severity levels: Ignore, Low, Medium, High, and Critical. The
severity level determines the actions taken on the message. By default, all severity
levels (except Ignore) inherit the settings of the higher severity level; the High
severity level inherits the settings from Critical, Medium inherits from High, and
Low inherits from Medium. You can edit the level to specify different actions for
different severities.
For information on how the DLP scanning engine calculates a risk factor, see
.