cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1013
Views
5
Helpful
1
Replies

SSN formats in outgoing emails

We filter for SSN, but it does not catch everything. I realize a consecutive 9 digit number would be a bad idea and we do not have a rule in place for that anyway. What I do need is a way to catch SSN in the following format: xxx-xx-1234 or xxx-12-3456. We use the built-in DLP rule for SSN, but it does not catch those formats. It only catches of it is in the form of 123-45-6789. We have a different rule that will look for the letters SSN or Social Security, etc, but those are not always included in the email. How do I go about this? I presume it would have to be a RegEx policy customization, but this is not something I have done before. So if someone is doing this and it is working, please give me the "for dummies" version of how to implement it.

Thanks in advance

1 Reply 1

SriramV
Cisco Employee
Cisco Employee

 

 

  1. Create or search for regex (for ex.  https://stackoverflow.com/questions/4087468/ssn-regex-for-123-45-6789-or-xxx-xx-xxxx)
  2. In ESA Select Mail Policies > DLP Policy Customizations and click Add Custom Classifier.
  3. Enter a classifier name and description as “SSN_Regex
  4. Choose Regex under detection Rules types and define the associated content matching criteria:
  5. Provide the regex (in mycase (?!(000|666|9))\d{3}-(?!00)\d{2}-(?!0000)\d{4} ) in Regex: testbox
  6. Submit your changes.
  7. Select Mail Policies > DLP Policy Manager.
  8. Click Add DLP Policy.
  9. Click Custom Policy.
  10. Click Add for the Custom Policy.
  11. Enter a name and description for the policy as “SSN_Policy
  12. Select “SSN_Regex” under Policy Matching Details: and click Add.
  13. Submit your changes.
  14. Click Mail Policies > Outgoing Mail Policies
  15. Click the link for the DLP security service (the DLP column) for the mail policy to which you want to apply the DLP policy
  16. Select the checkboxes for “SSN_Policy
  17. Submit and commit your changes.

you can play around different regex pattern as per the requirement 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: