Cisco Cisco Email Security Appliance C170 Guia Do Utilizador
15-19
Cisco AsyncOS 8.0.1 for Email User Guide
Chapter 15 Data Loss Prevention
DLP Policies for RSA Email DLP
About Assessing Violation Severity
When the DLP scanning engine detects a potential DLP violation, it calculates a risk factor score that
represents the likelihood that the instance actually is a DLP violation. The policy compares the risk
factor score to the Severity Scale defined in that policy in order to determine the severity level (for
example, Low or Critical.) You specify the action to take for violations at each severity level (except
Ignore, for which no action is ever taken.) You can adjust the risk factor scores required to reach each
severity level.
represents the likelihood that the instance actually is a DLP violation. The policy compares the risk
factor score to the Severity Scale defined in that policy in order to determine the severity level (for
example, Low or Critical.) You specify the action to take for violations at each severity level (except
Ignore, for which no action is ever taken.) You can adjust the risk factor scores required to reach each
severity level.
Related Topics
•
•
Option
Description
Filtering by Senders
and Recipients
and Recipients
You can limit the DLP policy to apply to messages that do or do not include
recipients or senders that you specify using one of the following:
recipients or senders that you specify using one of the following:
•
Full email address:
user@example.com
•
Partial email address:
user@
•
All users in a domain:
@example.com
•
All users in a partial domain:
@.example.com
Separate multiple entries using a line break or a comma.
AsyncOS first matches the recipient or sender of an outgoing message to an
outgoing mail policy, then matches the sender or recipient to the sender and
recipient filters specified in the DLP policies enabled for that mail policy.
outgoing mail policy, then matches the sender or recipient to the sender and
recipient filters specified in the DLP policies enabled for that mail policy.
For example, you might want to disallow all senders from sending a certain
type of information, except to recipients in a partner domain. You would create
a DLP policy for that information, including a filter that exempts all users in
the partner domain, then include this DLP policy in an Outgoing Mail Policy
that applies to all senders.
type of information, except to recipients in a partner domain. You would create
a DLP policy for that information, including a filter that exempts all users in
the partner domain, then include this DLP policy in an Outgoing Mail Policy
that applies to all senders.
Filtering by
Attachment Types
Attachment Types
You can limit the DLP policy to scanning only messages that do or do not
include specific attachment types. Choose an attachment category, then a
predefined file type, or specify file types that are not listed. If you specify a
file type that is not predefined, AsyncOS searches for the file type based on
the attachment’s extension.
include specific attachment types. Choose an attachment category, then a
predefined file type, or specify file types that are not listed. If you specify a
file type that is not predefined, AsyncOS searches for the file type based on
the attachment’s extension.
You can also limit DLP scanning to attachments with a minimum file size.
Filtering by Message
Tag
Tag
If you want to limit a DLP policy to messages containing a specific phrase, you
can use a message or content filter to search outgoing messages for the phrase
and insert a custom message tag into the message. For more information, see
can use a message or content filter to search outgoing messages for the phrase
and insert a custom message tag into the message. For more information, see
and