Advanced Options for Data Types

These Data Types have several advanced options you can edit only from Database Tool (GuiDBEdit Tool) (see sk13009):

  • Dictionary

  • Keywords

  • Weighted Keywords

  • Patterns

To open the options for these Data Types:

  1. Close all SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. windows connected to the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

  2. Connect with Database Tool (GuiDBEdit Tool) to the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server..

  3. Go to Table > Other > dlp_data_tbl.

  4. Select the Data TypeClosed Classification of data in a Check Point Security Policy for the Content Awareness Software Blade. that you want to change:

    Applies to Data Types:

    • Dictionary

    • Keywords

    • Weighted Keywords

    • Patterns

    By default, DLP finds text strings in uppercase or lowercase. You can choose to only find text that matches the case of the words in the Data Type lists.

    To find text strings only when the case of the characters matches:

    • Set case_sensitivity to true.

      The default value is false.

    Note - The Case Sensitivity option applies to ASCII words. Non-ASCII words are always case sensitive..

    Applies to Data Types:

    • Dictionary

    By default, DLP finds dictionary words exactly as they are listed in the dictionary file. DLP will not find the dictionary words if they are in a different order. You can configure DLP to find dictionary words even if they occur in a different order.

    This is important when DLP looks for names of people that are in a different order. For example, if your dictionary file includes the name "John Smith", DLP will find only "John Smith". By default, DLP will not find "Smith John" in sent messages.

    To find dictionary entries in any order:

    • Set ordered_match to false.

      The default value is true.

    Applies to Data Types:

    • Dictionary

    DLP can use the proximity of dictionary words to each other as a criteria in the DLP rules. With this option, if DLP finds the words far from each other, DLP will not trigger an action.

    For example, if your dictionary file contains confidential and information and the proximity check is enabled, DLP will detect messages in which these words are within 3 words of each other. In this example:

    The dictionary rule will match the text: This email contains confidential company information.

    The dictionary rule will not match the text: This information about our product is not confidential.

    To enable DLP to check the proximity of dictionary words:

    • Set enable_proximity_check to true.

      The default value is false.

    To change the value of how near the dictionary words need to be to each other:

    • Set proximity to the number of words that are allowed to be between Dictionary words.

      The default value is 3.

    Applies to Data Types:

    • Dictionary

    • Keywords

    • Patterns

    DLP scans messages for words that are included in your lists. DLP can record a match for each occurrence of a word in the text, or DLP can record a match once regardless of how many times the word is used in the text.

    By default, Patterns are recorded as a match each time the pattern is used in the text, but Dictionary words and Keywords are recorded as a match only once regardless of how many times they are used in the text.

    To record a single match regardless of how many times a word is used:

    • Set count_occurences to false.

      By default, this value is true for Patterns.

    To record a match for every time a word is used:

    • Set count_occurences for the Data Type to true.

      By default, this value is false for Dictionary and Keywords.

    Applies to Data Types:

    • Weighted Keywords - only when keyword is a regular expression

    • Patterns

    DLP can match text as partial or whole words. For Weighted Keywords and Patterns, you can choose to match only whole words. Dictionary or Keywords Data Types are always matched when they appear as a whole word only.

    For example, if your Pattern Data Type contains (C|c)onfident and the whole word only option is enabled, DLP will only match patterns that do not have characters before or after the pattern. In this example:

    The Data Type will match the text: confident

    The Data Type will not match the text: confidential

    To match whole words only:

    • Set whole_word_only to true.

      By default, the value is false.

    Note - Languages in which words are not bounded by white spaces or punctuation symbols, such as in Japanese or Chinese, will never match as whole word only.

  5. Save the changes and close Database Tool (GuiDBEdit Tool).

  6. In SmartConsole, install policy.