Advanced Options for Data Types

These Data Types have several advanced options you can edit only from GuiDBedit:

• Dictionary
• Keywords
• Weighted Keywords
• Patterns

To open the options for these Data Types:

1. Run: c:\Program Files\CheckPoint\SmartConsole\R76\PROGRAM\GuiDBedit.exe
2. Connect to the Security Management Server.
3. Go to Table > Other > dlp_data_tbl and select the Data Type that you want to change.

Case Sensitivity

Applies to Data Types:

• Dictionary
• Keywords
• Weighted Keywords
• Patterns

By default, DLP finds text strings in uppercase or lowercase. You can choose to only find text that matches the case of the words in the Data Type lists.

To find text strings only when the case of the characters matches:

• Set case_sensitivity to true.

  The default value is false.

Ordered Match for Names

Applies to Data Types:

• Dictionary

By default, DLP finds dictionary words exactly as they are listed in the dictionary file. DLP will not find the dictionary words if they are in a different order. You can configure DLP to find dictionary words even if they occur in a different order.

This is important when DLP looks for names of people that are in a different order. For example, if your dictionary file includes the name “John Smith”, DLP will find only “John Smith”. By default, DLP will not find “Smith John” in sent messages.

To find dictionary entries in any order:

• Set ordered_match to false.

  The default value is true.

Proximity of Matched Words

Applies to Data Types:

• Dictionary

DLP can use the proximity of dictionary words to each other as a criteria in the DLP rules. With this option, if DLP finds the words far from each other, DLP will not trigger an action.

For example, if your dictionary file contains confidential and information and the proximity check is enabled, DLP will detect messages in which these words are within 3 words of each other. In this example:

The dictionary rule will match the text: This email contains confidential company information.

The dictionary rule will not match the text: This information about our product is not confidential.

To enable DLP to check the proximity of dictionary words:

• Set enable_proximity_check to true.

  The default value is false.

To change the value of how near the dictionary words need to be to each other:

• Set proximity to the number of words that are allowed to be between Dictionary words.

  The default value is 3.

Match Multiple Occurrences

Applies to Data Types:

• Dictionary
• Keywords
• Patterns

DLP scans messages for words that are included in your lists. DLP can record a match for each occurrence of a word in the text, or DLP can record a match once regardless of how many times the word is used in the text.

By default, Patterns are recorded as a match each time the pattern is used in the text, but Dictionary words and Keywords are recorded as a match only once regardless of how many times they are used in the text.

To record a single match regardless of how many times a word is used:

• Set count_occurences to false.

  By default, this value is true for Patterns.

To record a match for every time a word is used:

• Set count_occurences for the Data Type to true.

  By default, this value is false for Dictionary and Keywords.

Match Whole Word Only

Applies to Data Types:

• Weighted Keywords — only when keyword is a regular expression
• Patterns

DLP can match text as partial or whole words. For Weighted Keywords and Patterns, you can choose to match only whole words. Dictionary or Keywords Data Types are always matched when they appear as a whole word only.

For example, if your Pattern Data Type contains (C|c)onfident and the whole word only option is enabled, DLP will only match patterns that do not have characters before or after the pattern. In this example:

The Data Type will match the text: confident

The Data Type will not match the text: confidential

To match whole words only:

• Set whole_word_only to true.

  By default, the value is false.