Keywords are special words or phrases. Add related keywords to a keyword list to identify
specific types of data. For example,
prognosis,
blood type,
vaccination, and
physicianare keywords that may appear in a medical certificate. To prevent the transmission of medical certificate files, use these keywords in a Data Loss Prevention policy and then configure the policy action to block files containing these keywords.
Combine commonly used words to form meaningful keywords. For example, combine "end",
"read",
"if", and "at" to form keywords found in source code, such as "END-IF", "END-READ",
and "AT
END".
Predefined keyword lists
Trend Micro provides predefined keyword lists with built-in conditions that trigger
Data Loss Prevention policy violations. You cannot modify or delete predefined keyword
lists.
Custom keyword lists
Create customized keyword lists if none of the predefined keyword lists meet your
requirements.
A keyword list must satisfy your chosen criteria before Data Loss Prevention triggers
the policy. The
following table explains the available criteria when configuring a keyword list.
Criteria for a Keyword List
|
Criteria
|
Rule
|
|
Any keyword
|
A file must contain at least one keyword in the keyword list.
|
|
All keywords
|
A file must contain all the keywords in the keyword list. |
|
All keywords within <x> characters
|
A file must contain all the keywords in the keyword list. In addition, each keyword
pair
must be within <x> characters of each other.
For example, your 3 keywords are WEB, DISK, and USB and the number of characters you
specified is 20.
If Data Loss Prevention detects all keywords in the order DISK, WEB, and USB, the
number
of characters from the "D" (in DISK) to the "W" (in WEB) and from the "W" to the "U"
(in
USB) must be 20 characters or less.
When deciding on the number of characters, remember that a small number, such as 10,
will
usually result in faster scanning time but will only cover a relatively small area.
This may
reduce the likelihood of detecting sensitive data, especially in large files. As the
number
increases, the area covered also increases but scanning time might be slower.
|
|
Combined score for keywords exceeds threshold
|
A file must contain one or more keywords in the keyword list. If only one keyword
was
detected, its score must be higher than the threshold. If there are several keywords,
their
combined score must be higher than the threshold.
Assign each keyword a score of 1 to 10. A highly confidential word or phrase, such
as
"salary increase" for the Human Resources department, should have a relatively high
score.
Words or phrases that, by themselves, do not carry much weight can have lower scores.
Consider the scores that you assigned to the keywords when configuring the threshold.
For
example, if you have five keywords and three of those keywords are high priority,
the
threshold can be equal to or lower than the combined score of the three high priority
keywords. This means that the detection of these three keywords is enough to treat
the file
as sensitive.
|
Adding custom keyword lists
Procedure
- Go to .
- Click Add.
- Specify custom keyword list settings.
Option Description Basic PropertiesSpecify basic settings and select the criteria.Defining KeywordSpecify the keyword parameters. Optionally make the keyword case sensitive. - Click Add.The new custom keyword list appears under Keyword List.
- Click Save.
Importing custom keyword lists
Importing custom keyword lists requires a properly-formatted .xml file
containing the keywords.
Procedure
- Go to .
- Click Import, and then click Choose File to locate the .xml file to import.
- Click Open.
- Click Import.