Keyword Extraction

Cloud App Security also provides Keyword Extraction, a simplified keyword-based method for quickly identifying sensitive information contained in Box files and creating rules to limit or prevent the transmission of the data.

Configuring Keyword Extraction

  1. Select Keyword Extraction.
  2. Select Enable Keyword Extraction.
  3. Configure Rules settings.
    1. In File Format, select one or multiple file formats to apply the criterion.


      Cloud App Security scans the specified keywords in text and PDF files, and in the header, footer, and properties of Microsoft Word, Excel, and PowerPoint files.

    2. Select Contain Type to indicate the condition for the criterion.

    3. Specify a keyword to scan in the Keywords text box, and click Add.

      The keyword appears in the blank area.

      Cloud App Security scans files for the specified keyword and triggers a keyword extraction rule when the content matches the keyword, including content with the following separators to the left or right of the content: "\t", "\n", "\r", ",", ".", and spaces.

      Take the keyword Internal Use Only as an example. Cloud App Security triggers the keyword extraction rule when the content includes "Internal Use Only." but does not trigger it when the content includes "aaINTERNAL USE ONLYbb".

    4. Optionally repeat the above step to add more keywords for the selected file format(s).


      Optionally click Import to import existing keywords in batches from a text file. Make sure that each line in the file contains one keyword.

      Optionally select one or multiple keywords and click Remove Selected to delete the keywords.

    5. Click Add to Rule List.


      The setting appears in the Rule List table, each file format per line.

      You can add keywords for a single file format multiple times, and all these keywords will be combined into one rule.

    6. Optionally repeat substeps 1 through 5 if you need to set another condition for a file format.


      Cloud App Security separates the Contain and Not Contain conditions into two rules for each file format. This enables you to set a separate action for each condition rule.

    7. Optionally click Export to export all the configured keywords.

    8. Select an action for each rule from the drop-down list.

      In the case of two separate rules for a file format, Cloud App Security takes the action with the higher priority on a file when keyword(s) in a rule hit the corresponding criterion. The actions come with the following priorities from high to low: Delete, Quarantine, Pass.

      Delete

      Cloud App Security deletes the file and replaces it with a placeholder using the original file name and .txt.

      Quarantine

      Cloud App Security moves the file to a restricted access folder, removing it as a security risk to protected Box.

      Pass

      Cloud App Security records the detection in a log and delivers the file unchanged.

    9. Optionally click the trash icon to delete the corresponding rule.

  4. Configure Action settings.
    Option Description


    Cloud App Security sends a notification email message to the administrator or user according to the Notification settings.

    Do not notify

    Cloud App Security only takes the configured action on the file and does not send out any notification email message.

    Show Advanced Options

    Specify text to replace the original file content when a file is quarantined or deleted.

  5. Configure Notification settings.
    Option Description

    Notify administrator

    Specify message details to notify administrators that Cloud App Security detected a security risk and took action on an email message, attachment, or file.

    Notification threshold sets limits on messages to send. Threshold settings include:

    • Send consolidated notifications periodically: Cloud App Security sends an email message that consolidates all the notifications for a period of time. Specify the period of time by typing a number in the box and selecting hour(s) or day(s).

    • Send consolidated notifications by occurrences: Cloud App Security sends an email message that consolidates notifications for a set number of filtering actions. Specify the number of data loss occurrences by typing a number in the box.
    • Send individual notifications: Cloud App Security sends an email message notification every time Cloud App Security performs a filtering action.

    Notify User

    Box: Specify message details that notify the user who uploaded a file that Cloud App Security detected a security risk and took action on their file.

    Optionally select the Do not notify external user check box. This allows the administrator to choose not to notify an end user of policy violation details if the user violating the policy does not belong to your organization.


    When specifying a notification message, include relevant tokens and edit the message content as desired. For details about tokens, see Token List.
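
The separator rule from the Keywords step and the Delete, Quarantine, Pass priority from the action step can be modeled offline to pre-check a keyword list against sample text before configuring it. This is an added example, not Trend Micro code: the function names, the case-handling parameter, treating the start and end of the content as separators, and the "any keyword" rule semantics are assumptions the page does not state, and file formats are not modeled.

```python
import re

# Separators named in the Keywords step: tab, newline, carriage return, comma, period, space.
SEPARATORS = "\t\n\r,. "
# Action priority from the Rules step, high to low: Delete, Quarantine, Pass.
PRIORITY = {"Delete": 3, "Quarantine": 2, "Pass": 1}


def keyword_hits(content, keyword, ignore_case=False):
    """True when keyword appears with a separator, or the start/end of the
    content (assumption), on each side. Case handling is not stated on the
    page, so it is a parameter here."""
    sep = re.escape(SEPARATORS)
    pattern = rf"(?:\A|(?<=[{sep}])){re.escape(keyword)}(?=[{sep}]|\Z)"
    return re.search(pattern, content, re.I if ignore_case else 0) is not None


def rule_hits(rule, content):
    """Assumption: Contain hits when any keyword is found, Not Contain when none is."""
    found = any(keyword_hits(content, k) for k in rule["keywords"])
    return found if rule["condition"] == "Contain" else not found


def resolve_action(rules, content):
    """Highest-priority action among the rules that hit, or None when no rule hits."""
    actions = [r["action"] for r in rules if rule_hits(r, content)]
    return max(actions, key=PRIORITY.get, default=None)


# Constructed rules for one file format, one per condition as the page describes.
RULES = [
    {"condition": "Contain", "keywords": ["Internal Use Only"], "action": "Quarantine"},
    {"condition": "Not Contain", "keywords": ["Approved for Release"], "action": "Delete"},
]

# Constructed sample contents.
SAMPLES = [
    "Internal Use Only.",
    "Draft,Internal Use Only\tApproved for Release",
    "aaINTERNAL USE ONLYbb Approved for Release.",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(repr(text), "->", resolve_action(RULES, text))
```

The third sample shows the gap a defender should plan for: sensitive text glued to other characters is not matched under this model, so keyword rules alone will miss it.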