05-05-2015 06:56 AM
Since the built in SSN classifiers on the ESAs have a lot of false positives, Cisco support suggested creating regular expressions when creating DLP policies. I am trying to develop a custom DLP policy using a regular expression in a custom classifier using the following rules rules:
A Social Security number CANNOT :
Her is my regex:
^(?!000|666|77[3-9]|8[0-9]{2})[0-9]{3}\-(?!00)[0-9]{2}\-(?!0000)[0-9]{4}$
It works with regex testers, but my ESA does not catch valid test data. Any suggestions?
05-07-2015 02:39 PM
Your formula does not work with my regex tester. I tested using 435-11-2356, testing with ^(?!000)(?!666)(?!9)\d{3}([- ]?)(?!00)\d{2}\1(?!0000)\d{4}$ does work. Now I haven't added any of your other variables but you can work around it.
http://regexlib.com/Search.aspx?k=ssn
05-08-2015 06:16 AM
Thanks for the reply Tommy!
I put your regex to the test and it does work with a tester. However, when I test it with the ESA, it doesn't work. Thoughts?
05-08-2015 08:35 AM
Are you testing with an inbound or outbound content filter applied to the policy?
05-08-2015 08:39 AM
No. I am testing a custom DLP policy with a custom identifier. Then the DLP policy is applied to Outgoing Mail Policies
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide