Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2126
Views
0
Helpful
4
Replies

How to detect Credit Card Numbers in the Subject

Greg Muszynski
Level 1
Level 1

‎10-04-2017 03:32 PM - edited ‎03-08-2019 07:25 PM

so we know there is a Smart Identifier for Credit Card Numbers for the body and or attachment of the message but how do you prevent knuckleheads from sending out credit card numbers in the Subject field?

Labels:
0 Helpful
4 Replies 4

dmccabej
Cisco Employee
Cisco Employee

‎10-08-2017 04:55 PM

Hello,

 

The Credit Card Smart Identifier can also be used within a dictionary. So, what you can do is setup a dictionary to look for the CC Smart Identifier, and then setup a Subject Header Content Filter to look for matches within that dictionary. The Subject Header content filter will also accept RegEx (Regular Expression), so you can also choose to write your own custom RegEx to look for a CC value. I would recommend setting up one of these filters and then testing prior to placing into production, to confirm it's working as needed.

 

Thanks!

-Dennis M.

0 Helpful

Greg Muszynski
Level 1
Level 1
In response to dmccabej

‎10-09-2017 08:44 AM - edited ‎10-09-2017 08:46 AM

Thank you Dennis that really helps and it brings us one step closer, the only thing I wish it had is the ability to set the Number of matches required (1-1000) like the Message Body or Attachment smart identifier has.  We need this so that we can create an Outbound Content filter for 2 or more credit card hits in the Subject and set it to skip the remaining filters, allowing the default DLP to consume the message.  Then below that 2 or more content filter we would have our singe CCN in the subject content filter which will catch the singles.

 

This may sound confusing, but we are doing all this because the default DLP mechanism does not trip on a single credit card number in the subject field, and implementing a single credit card number content filter using a smart identifier in the dictionary causes two violations for messages with two or more credit card numbers in the subject, one by the single content filter and a second by the default DLP.

 

Thanks again,
Greg

0 Helpful

dmccabej
Cisco Employee
Cisco Employee
In response to Greg Muszynski

‎10-09-2017 11:45 AM

Hello Greg,

 

Yeah, that's a tricky one. The Subject Header filter will also take Regular Expression (RegEx), so it's possible to maybe try setting up a custom RegEx, and then add a quantifier within the RegEx to match with 2 or more only. Probably be a pretty complex setup though. 

 

What's the downside of matching on both the Smart Identifier and DLP? If needed, you could also add an action for the Smart Identifier content filter to add a 'Message Tag', and then set the DLP policy itself to only trigger if that tag is absent. This would cure the issue of matching on both. 

 

Thanks!

-Dennis M.

0 Helpful

Greg Muszynski
Level 1
Level 1
In response to dmccabej

‎10-09-2017 12:26 PM - edited ‎10-09-2017 12:30 PM

Thanks again Dennis, the downside is only the inconvenience of sending two Notifications to the end user, one from the Content Filter says you tried to send a Credit Card Number and the other from the DLP saying Credit Card violation.

 

As far as tagging the message I think it would result in the opposite from what we want.  On multiple credit card number hits in the Subject we want the DLP to consume the message and spit out the appropriate Notification and not the single credit card number Content Filter which will trip first. I believe tagging the message via the Content Filter would tell DLP to skip the scan or notification, but we want the DLP to do its thing on multiple number hits.

0 Helpful
Customers Also Viewed These Support Documents