The file size feature enables data security administrators to configure DLP rules to include or exclude files based on their size.
Key Benefits
This feature offers the following advantages:
Reduced Insignificant Events: Reduces the number of insignificant events processed by the DLP system. Administrators can focus on files that are more likely to pose a risk, which frees up SOC resources for more critical tasks.
Enhanced Data Security: Provides the capability to block files based solely on their size, or to block any file, without requiring data classification, reducing the risk of data exfiltration.
Use Cases
Reduce Low-Significance Events - Configure DLP rules to exclude files below a certain size from scanning to minimize processing of low-significance events, allowing a greater focus on critical security priorities.
Enforce Fail-Close Security for Oversized Files - Block uploaded files larger than 50MB, as they cannot be scanned by the DLP system. This fail-close approach ensures that any file exceeding the scanning limit is automatically blocked, preventing unscanned files from bypassing security measures and reducing the risk of data exfiltration.
Packaging and Licensing
The file size feature is available to all Secure Access DLP customers at no additional cost.
Getting Started
1. Navigate to Secure > Policy > Data Loss Prevention Policy.
2. When creating or editing a Real Time or SaaS API rule, use the File Size area to include or exclude files based on their size.
3. Choose either "Include all sizes" (up to 50MB) or "Include size range" to specify minimum and maximum size limits.
Note: An empty maximum field is treated as unlimited.
Documentation and Resources
Add a Real Time Rule to the Data Loss Prevention Policy
Add a SaaS API Rule to the Data Loss Prevention Policy
Add an AI Guardrails Rule to the Data Loss Prevention Policy
Data Loss Prevention Report
Best Practices
1. Utilize file size criteria in DLP policies to focus scanning on specific file sizes, reducing false positives.
2. Consider blocking files exceeding 50 MB, as the system scans only up to the first 50 MB of plain text for any file.
3. Use the file size filter in the DLP report to monitor and adjust the effectiveness of the configured file size criteria.