05-05-2015 06:56 AM
Since the built-in SSN classifiers on the ESAs have a lot of false positives, Cisco support suggested creating regular expressions when creating DLP policies. I am trying to develop a custom DLP policy using a regular expression in a custom classifier using the following rules:
A Social Security number CANNOT:
Here is my regex:
^(?!000|666|77[3-9]|8[0-9]{2})[0-9]{3}\-(?!00)[0-9]{2}\-(?!0000)[0-9]{4}$
It works with regex testers, but my ESA does not catch valid test data. Any suggestions?
05-07-2015 02:39 PM
Your formula does not work with my regex tester. I tested using 435-11-2356; testing with ^(?!000)(?!666)(?!9)\d{3}([- ]?)(?!00)\d{2}\1(?!0000)\d{4}$ does work. Now, I haven't added any of your other variables, but you can work around it.
http://regexlib.com/Search.aspx?k=ssn
05-08-2015 06:16 AM
Thanks for the reply Tommy!
I put your regex to the test and it does work with a tester. However, when I test it with the ESA, it doesn't work. Thoughts?
05-08-2015 08:35 AM
Are you testing with an inbound or outbound content filter applied to the policy?
05-08-2015 08:39 AM
No. I am testing a custom DLP policy with a custom identifier. Then the DLP policy is applied to Outgoing Mail Policies.
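An added harness (not part of any post in this thread) that runs the two patterns posted above through Python's `re` module on constructed samples; only 435-11-2356 comes from the thread. `embedded_variant` is a hypothetical helper that swaps the `^`/`$` anchors for digit boundaries to show what each pattern finds inside running text. Python's engine is an assumption and says nothing about how the ESA evaluates a classifier.

```python
import re

# Patterns exactly as posted in the thread.
PATTERNS = {
    "original": r"^(?!000|666|77[3-9]|8[0-9]{2})[0-9]{3}\-(?!00)[0-9]{2}\-(?!0000)[0-9]{4}$",
    "reply": r"^(?!000)(?!666)(?!9)\d{3}([- ]?)(?!00)\d{2}\1(?!0000)\d{4}$",
}

# Constructed test data (fake numbers); only the first value appears in the thread.
SAMPLES = [
    "435-11-2356",               # well-formed, dashes
    "435 11 2356",               # well-formed, spaces
    "000-11-2356",               # area 000
    "666-11-2356",               # area 666
    "775-11-2356",               # area in 773-779
    "900-11-2356",               # area starting with 9
    "435-00-2356",               # group 00
    "435-11-0000",               # serial 0000
    "SSN: 435-11-2356 on file",  # number embedded in a sentence
]

def whole_string_hits(pattern, samples=SAMPLES):
    """Samples matched by the pattern as posted (anchored with ^ and $)."""
    rx = re.compile(pattern)
    return [s for s in samples if rx.search(s)]

def embedded_variant(pattern):
    """Hypothetical rewrite: replace ^/$ with 'no digit before/after'."""
    if not (pattern.startswith("^") and pattern.endswith("$")):
        raise ValueError("expected a pattern anchored with ^ and $")
    return r"(?<!\d)" + pattern[1:-1] + r"(?!\d)"

def embedded_hits(pattern, samples=SAMPLES):
    """Every number the unanchored variant finds anywhere in the samples."""
    rx = re.compile(embedded_variant(pattern))
    return [m.group(0) for s in samples for m in rx.finditer(s)]

if __name__ == "__main__":
    for name, pattern in PATTERNS.items():
        print(name, "anchored :", whole_string_hits(pattern))
        print(name, "embedded :", embedded_hits(pattern))
```
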