Cisco Cisco Email Security Appliance C160 Mode D'Emploi
11-15
Cisco IronPort AsyncOS 7.6 for Email Configuration Guide
OL-25136-01
Chapter 11 Data Loss Prevention
Filtering by Senders and Recipients
You can limit the DLP policy to scan messages with specific recipients or senders in one of the following
ways:
ways:
•
Full email address:
user@example.com
•
Partial email address:
user@
•
All users in a domain:
@example.com
•
All users in a partial domain:
@.example.com
You can separate multiple entries using a line break or a comma.
For an outgoing message, AsyncOS first matches the recipient or sender to an outgoing mail policy. After
the recipient or sender is matched, RSA Email DLP then matches the sender or recipient to the DLP
policies enabled for the mail policy.
the recipient or sender is matched, RSA Email DLP then matches the sender or recipient to the DLP
policies enabled for the mail policy.
Filtering by Attachment Types
You can limit the DLP policy to messages with specific attachment types. Attachments are first extracted
using AsyncOS’s content scanning engine and then the content of the attachment is scanned by the RSA
Email DLP scanning engine. The appliance provides a number of predefined file types for scanning, but
you can also specify file types that are not listed. If you specify a file type that is not predefined,
AsyncOS searches for the file type based on the attachment’s extension. You can limit RSA Email DLP
scanning to attachments with a minimum file size in bytes.
using AsyncOS’s content scanning engine and then the content of the attachment is scanned by the RSA
Email DLP scanning engine. The appliance provides a number of predefined file types for scanning, but
you can also specify file types that are not listed. If you specify a file type that is not predefined,
AsyncOS searches for the file type based on the attachment’s extension. You can limit RSA Email DLP
scanning to attachments with a minimum file size in bytes.
Filtering by Message Tag
If you want to limit a DLP policy to scanning messages containing a specific phrase, you can use a
message or content filter to search outgoing messages for the phrase and insert a custom message tag
into the message. When creating a DLP policy, select the message tags you want to use for filtering
outgoing messages. For more information, see
message or content filter to search outgoing messages for the phrase and insert a custom message tag
into the message. When creating a DLP policy, select the message tags you want to use for filtering
outgoing messages. For more information, see
and the “Using
Message Filters to Enforce Mail Policies” in the Cisco IronPort AsyncOS for Email Advanced
Configuration Guide.
Configuration Guide.
Setting the Severity Levels
If RSA Email DLP scanning engine detects a DLP violation, it calculates a risk factor score that
represents the severity of the violation, ranging from 0 to 100. The policy compares the risk factor score
to the Severity Scale. The Severity Scale includes five severity levels: Ignore, Low, Medium, High, and
Critical. The severity level determines the actions taken on the message. By default, all severity levels
(except Ignore) inherit the settings of the higher severity level; the High severity level inherits the
settings from Critical, Medium inherits from High, and Low inherits from Medium. You can edit the
level to specify different actions for different severities.
represents the severity of the violation, ranging from 0 to 100. The policy compares the risk factor score
to the Severity Scale. The Severity Scale includes five severity levels: Ignore, Low, Medium, High, and
Critical. The severity level determines the actions taken on the message. By default, all severity levels
(except Ignore) inherit the settings of the higher severity level; the High severity level inherits the
settings from Critical, Medium inherits from High, and Low inherits from Medium. You can edit the
level to specify different actions for different severities.
For information on how the DLP scanning engine calculates a risk factor, see