Customized Expressions

Create customized expressions if none of the predefined expressions meet the company's requirements.

Expressions are a powerful string-matching tool. Become comfortable with expression syntax before creating expressions. Poorly written expressions can dramatically impact performance.

When creating expressions:

Refer to the predefined expressions for guidance on how to define valid expressions. For example, when creating an expression that includes a date, refer to the expressions prefixed with "Date".

Note that Data Loss Prevention follows the expression formats defined in Perl Compatible Regular Expressions (PCRE). For more information on PCRE, visit the following website:

http://www.pcre.org/

Start with simple expressions. Modify the expressions if they are causing false alarms or fine tune them to improve detections.

Administrators can choose from several criteria when creating expressions. An expression must satisfy the chosen criteria before Data Loss Prevention subjects it to a DLP policy.

Criteria for Customized Expressions

Criteria

Rule

Example

None

None

All - Names from US Census Bureau

  • Expression: [^\w]([A-Z][a-z]{1,12}(\s?,\s?|[\s]|\s([A-Z])\.\s)[A-Z][a-z]{1,12})[^\w]

Specific characters

An expression must include the characters you have specified.

In addition, the number of characters in the expression must be within the minimum and maximum limits.

US - ABA Routing Number

  • Expression: [^\d]([0123678]\d{8})[^\d]

  • Characters: 0123456789

  • Minimum characters: 9

  • Maximum characters: 9

Suffix

Suffix refers to the last segment of an expression. A suffix must include the characters you have specified and contain a certain number of characters.

In addition, the number of characters in the expression must be within the minimum and maximum limits.

All - Home Address

  • Expression: \D(\d+\s[a-z.]+\s([a-z]+\s){0,2} (lane|ln|street|st|avenue|ave| road|rd|place|pl|drive|dr|circle| cr|court|ct|boulevard|blvd)\.? [0-9a-z,#\s\.]{0,30}[\s|,][a-z]{2}\ s\d{5}(-\d{4})?)[^\d-]

  • Suffix characters: 0123456789-

  • Number of characters: 5

  • Minimum characters in the expression: 25

  • Maximum characters in the expression: 80

Single- character separator

An expression must have two segments separated by a character. The character must be 1 byte in length.

In addition, the number of characters left of the separator must be within the minimum and maximum limits. The number of characters right of the separator must not exceed the maximum limit.

All - Email Address

  • Expression: [^\w.]([\w\.]{1,20}@[a-z0-9]{2,20}[\.][a-z]{2,5}[a-z\.]{0,10})[^\w.]

  • Separator: @

  • Minimum characters to the left: 3

  • Maximum characters to the left: 15

  • Maximum characters to the right: 30

 

See also:

Predefined Expressions

Adding and Editing Expressions

Importing Expressions