Tags and access blocking¶
- DLP module - module that analyses files content, checks if files havedigital tags and allows to block unauthorized access by specified parameters.
Note
Usage of this module may decrease the speed of work files on workstationsEnable this module only in case of necessity
DLP Module Configuration:¶
Module configuration represents a number of rules to block files on the basis of attributes of the file and the user. The syntax here is similar to the syntax of Wireshark - a popular traffic sniffer. Each rule must begin with a new line.
Rule - a number of expressions bound by logical operators (or|and|not). Braces characters are supported.Expression - an attribute or a value bound by comparison operators.
[not] выражение [or|and [not] выражение ...]
Attributes¶
The following attributes are supported
| Name | Type | Value |
|---|---|---|
| tag | Bool | Tag presence |
| tag_value | String | Tag value |
| computer_name | String | Computer name |
| user_name | String | Имя пользователя |
| user_domain | String | Domain or workgroup |
| file_path | String | Full file path |
| file_name | String | File name |
| file_ext | String | File extension |
| exe_name | String | Application name |
| mime | String | Content type |
Note
All the string value are case insensitive
Note
File extension is defined on the basis of content type and may differfrom the extension taken from file path.
Operators¶
The following operators are supported
| Operator | Abbreviation | Assignment | Use |
|---|---|---|---|
| not | ! | Logical NOT | not ATTR |
| or | || | Logical OR | ATTR or ATTR2 |
| and | && | Logical AND | ATTR and ATTR2 |
| xor | ^^ | Exclusive OR | ATTR xor ATTR2 |
| eq | == | Comparison | ATTR == ATTR2 |
| matches | Regular expression | ATTR match “(one|two)” | |
| in | Presence on list | ATTR in {“one” “two”} |
Examples¶
Block file “secret.txt” for user “guest”
file_name == "secret.txt" and user_name == "guest"
Block all the tagged “docx” files for all applications except Microsoft Word:
(tag and file_ext == "docx") and not exe_name == "winword.exe"
Block access to Autocad files for all computers except for those on the list:
mime == "application/dxf" and not computer_name in {"computer1" "computer2" "computer3"}
Tags¶
Some file formats can be traced even in case the name or content of a file is changed
The following file formats are supported:
- Microsoft Office Word Document (.docx)
- Microsoft Office Excel Workbook (.xlsx)
- Microsoft Office PowerPoint Presentation (.pptx)
- Open Office Text Documen (.odt)
- Open Office Spreadsheet (.ods)
- Open Office Presentation (.odp)
To manage tags download the tool following the links below: