Configuring predefined events for data loss prevention

Use the Predefined Events area of the Data Loss Prevention page for the Network IPS appliance to configure preset signatures that identify the common types of data loss.

About this task

Navigating in the Network IPS Local Management Interface: Secure Protection Settings > Security Modules > Data Loss Prevention

Navigating in the SiteProtector™ system: select the Data Loss Prevention policy

The following table lists the eight predefined events for the Network IPS appliance:
Table 1. Predefined event signatures for data loss prevention
Signature Description
Content_Analyzer_Credit_Card_Num Searches for patterns that are typical for credit card numbers.
Content_Analyzer_Postal_Addr Searches for patterns that are typical for physical or mailing addresses.
Content_Analyzer_Social_Security_Num Searches for patterns that are typical for social security numbers.
Content_Analyzer_Dollar_Amount Searches for patterns that are typical for financial data.
Content_Analyzer_Date Searches for patterns that are typical for various date formats.
Content_Analyzer_US_Phone_Num Searches for patterns that are typical for phone numbers.
Content_Analyzer_Email_Addr Searches for patterns that are typical for email addresses.
Content_Analyzer_Person_Name Searches for patterns that are typical for various name formats.

Procedure

  1. Click the Signatures tab.
  2. Select the Content Analysis Enabled check box.
  3. In the Predefined Events area, enable the appropriate predefined events.
  4. If you want to assign a protection domain to the predefined event, click the Edit icon.
  5. In the Predefined Events window, set the Minimum Match (the minimum number of matches that are required to cause an event).
  6. Assign a protection domain by clicking the Add icon. For more information about configuring protection domains, see Configuring protection domains.
  7. Click OK.

What to do next

You can also configure user-combined events and user-defined events on the Data Loss Prevention page.