Tags and access blocking

  • DLP module - a module that analyses file content, checks whether files have digital tags and allows blocking unauthorized access according to specified parameters.

Note

Using this module may slow down work with files on workstations. Enable this module only when necessary.

DLP Module Configuration:

The module configuration is a set of rules that block files based on attributes of the file and the user. The syntax is similar to the syntax of Wireshark - a popular traffic sniffer. Each rule must begin on a new line.

Rule - a number of expressions joined by logical operators (or|and|not). Bracket characters are supported.

Expression - an attribute or a value bound by comparison operators.

[not] expression [or|and [not] expression ...]

Attributes

The following attributes are supported:

Name           Type    Value
tag            Bool    Tag presence
tag_value      String  Tag value
computer_name  String  Computer name
user_name      String  User name
user_domain    String  Domain or workgroup
file_path      String  Full file path
file_name      String  File name
file_ext       String  File extension
exe_name       String  Application name
mime           String  Content type

Note

All string values are case-insensitive.

Note

The file extension is determined from the content type and may differ from the extension taken from the file path.

Operators

The following operators are supported:

Operator  Abbreviation  Purpose             Use
not       !             Logical NOT         not ATTR
or        ||            Logical OR          ATTR or ATTR2
and       &&            Logical AND         ATTR and ATTR2
xor       ^^            Exclusive OR        ATTR xor ATTR2
eq        ==            Comparison          ATTR == ATTR2
matches                 Regular expression  ATTR match "(one|two)"
in                      Presence on list    ATTR in {"one" "two"}

Examples

Block file "secret.txt" for user "guest":

file_name == "secret.txt" and user_name == "guest"

Block all the tagged “docx” files for all applications except Microsoft Word:

(tag and file_ext == "docx") and not exe_name == "winword.exe"

Block access to Autocad files for all computers except for those on the list:

mime == "application/dxf" and not computer_name in {"computer1" "computer2" "computer3"}
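
Rules like the three above can be dry-run against a described file access before they are deployed. The evaluator below is an added example, not the product's own code: `rule_blocks`, `EVENT` and the operator precedence (not, then and, then or/xor) are assumptions, and the `matches` operator is left out.

```python
import re

TOKEN = re.compile(r'"[^"]*"|==|&&|\|\||\^\^|\w+|\S')  # string | operator | word | other char
ALIAS = {"!": "not", "&&": "and", "||": "or", "^^": "xor", "eq": "=="}
# Constructed sample event; attribute names follow the Attributes table.
EVENT = {"tag": True, "file_ext": "docx", "exe_name": "WINWORD.EXE", "user_name": "guest"}

def rule_blocks(rule, event):
    """True when `rule` matches `event` (attribute dict), i.e. access is blocked."""
    toks = [ALIAS.get(t, t) for t in TOKEN.findall(rule)] + [None]  # None = end
    def fail(msg):
        raise ValueError(f"{msg} near {toks[0]!r}")
    def accept(*syms):                  # consume the next token if it is one of syms
        if toks[0] in syms:
            return toks.pop(0)
    def operand():                      # quoted literal or attribute value
        tok = toks[0]
        quoted = tok is not None and len(tok) > 1 and tok[0] == '"'
        if not quoted and tok not in event:
            fail("expected attribute or string")
        toks.pop(0)
        val = tok[1:-1] if quoted else event[tok]
        return val.lower() if isinstance(val, str) else val  # strings ignore case
    def primary():
        if accept("not"):
            return not primary()
        if accept("("):
            value = either()
            accept(")") or fail("missing ')'")
            return value
        left = operand()
        if accept("=="):
            return left == operand()
        if accept("in"):
            accept("{") or fail("missing '{'")
            items = []
            while not accept("}"):
                items.append(operand())
            return left in items
        return bool(left)               # bare Bool attribute such as `tag`
    def chain(ops, parse_side):         # left-associative binary operators
        value = parse_side()
        while op := accept(*ops):
            right = parse_side()
            value = {"and": value and right, "or": value or right, "xor": value != right}[op]
        return value
    def either():                       # assumed precedence: not, then and, then or/xor
        return chain(("or", "xor"), lambda: chain(("and",), primary))
    result = either()
    return result if toks[0] is None else fail("unexpected token")
```

A misspelled attribute name or an unbalanced bracket raises `ValueError`, so the same function also works as a syntax check for a rule file.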

Tags

Some file formats can be traced even if the name or content of a file is changed.

The following file formats are supported:

  • Microsoft Office Word Document (.docx)
  • Microsoft Office Excel Workbook (.xlsx)
  • Microsoft Office PowerPoint Presentation (.pptx)
  • Open Office Text Document (.odt)
  • Open Office Spreadsheet (.ods)
  • Open Office Presentation (.odp)

To manage tags, download the tool from the links below: