Keyword Extraction

Cloud App Security also provides Keyword Extraction as a simplified keyword-based way that allows you to quickly identify sensitive information contained in Box files and create rules to limit or prevent the transmission of the data.

Configuring Keyword Extraction

  1. Select Keyword Extraction.
  2. Select Enable Keyword Extraction.
  3. Configure Rules settings.
    1. In File Format, select one or multiple file formats to apply the criterion.

      Note:

      Cloud App Security scans the configured keywords in text and PDF files, and in the header, footer, and properties of Microsoft Word, Excel, and PowerPoint files.

    2. Select Contain Type to indicate the condition for the criterion.

    3. Specify a keyword to scan in the Keywords text box, and click Add.

      Note:

      The keyword appears in the blank area.

    4. Optionally repeat the above step to add more keywords for the selected file format(s).

      Note:

      Optionally click Import to import existing keywords in batches from a text file. Make sure that each line in the file contains one keyword.

      Optionally select one or multiple keywords and click Remove Selected to delete the keywords.

    5. Click Add to Rule List.

      Note:

      The setting appears in the Rule List table, each file format per line.

      You can add keywords for a single file format in multiple times, and all these keywords will be combined into one rule.

    6. Optionally repeat steps a through e if you need to set another condition for a file format.

      Note:

      Each file format can have both Contain and Not Contain criteria in its rule. Cloud App Security will take the configured action to a file when keywords in it hit either criterion.

    7. Optionally click Export to export all the configured keywords.

    8. Optionally click the trash icon to delete the corresponding rule.

  4. Configure Action settings.

    Cloud App Security protects services by executing specified actions after detecting a file that matches scanning conditions. The action depends on the performed scan, the affected service, and the configured actions for that scan.

    Option Description

    Delete

    Cloud App Security deletes the file and replaces it with a placeholder using the original file name and .txt.

    Pass

    Cloud App Security records the detection in a log and delivers the file unchanged.

    Quarantine

    Cloud App Security moves the file to a restricted access folder, removing it as a security risk to protected Box.

    Advanced Options

    Specify text to replace the original file content when a file is quarantined or deleted.

    Option Description

    Notify

    Cloud App Security sends a notification email message to the administrator or user according to the Notification settings.

    Do not notify

    Cloud App Security only takes the configured action on the file and does not send out any notification email message.

  5. Configure Notification settings.
    Option Description

    Notify administrator

    Specify message details to notify administrators that Cloud App Security detected a security risk and took action on an email message, attachment, or file.

    Notification threshold sets limits on messages to send. Threshold settings include:

    • Send consolidated notifications periodically: Cloud App Security sends an email message that consolidates all the notifications for a period of time. Specify the period of time by typing a number in the box and selecting hour(s) or day(s).

    • Send consolidated notifications by occurrences: Cloud App Security sends an email message that consolidates notifications for a set number of filtering actions. Specify the number of data loss occurrences by typing a number in the box.
    • Send individual notifications: Cloud App Security sends an email message notification every time Cloud App Security performs a filtering action.

    Notify User

    Box: Specify message details that notify the user who uploaded a file that Cloud App Security detected a security risk and took action on their file.

    Note:

    When specifying a notification message, include relevant tokens and edit the message content as desired. For details about tokens, see Token List.