Cisco Cisco Email Security Appliance C160 Mode D'Emploi

For deployments with RSA Enterprise Manager: You can configure either the Email Security 
appliance (Message Actions page) or Enterprise Manager (DLP policies) to send DLP violation 
notifications to users. To prevent duplicate notifications, set up notifications using one or the other, 
but not both. 

Familiarize yourself with the 

. You can 

use these variables to customize the notification with specific details about each violation. 

Select Mail Policies > Text Resources. 

Click Add Text Resource. 

For Type, select DLP Notification Template. 

DLP variables are not available for the plain Notification template. 

Enter notification text and variables. 

The notification should inform its recipients that an outgoing message may contain sensitive data that 
violates your organization’s data loss prevention policies.

Specify this DLP notification template in a Message Action in a DLP policy in the DLP Policy Manager. 

Use the following variables to include specific information about each DLP violation in the notification. 

 

Replaced by the name of the email DLP policy violated.

Replaced by the severity of violation. Can be “Low,” “Medium,” 
“High,” or “Critical.”

Replaced by the risk factor of the message’s sensitive material 
(score 0 - 100).

Replaced by the message To: header (not the Envelope 
Recipient).

Replaced by the message From: header (not the Envelope 
Sender).

Replaced by the subject of the original message.

Replaced by the current date, using the format MM/DD/YYYY.

Replaced by the current time, in the local time zone.

Replaced by the current time and date, as would be found in the 
Received: line of an email message, using GMT.

Replaced by the Message ID, or “MID” used internally to 
identify the message. Not to be confused with the RFC822 
“Message-Id” value (use $Header to retrieve that).