Tags and access blocking

  • DLP module: a module that analyses file content, checks whether files have digital tags, and allows blocking unauthorized access by specified parameters.

Note

Using this module may slow down work with files on workstations. Enable it only when necessary.

How to enable this module:

staffcop experimental

DLP Module Configuration:

The DLP module configuration is a set of rules that block files based on attributes of the file and the user. The syntax is similar to that of Wireshark, a popular traffic sniffer. Each rule must start on a new line.

To manage tags, download the tool from the admin interface:

../../_images/dlp_1.png

Rules are configured on this page:

../../_images/dlp_2.png

In this example, tagged files are blocked on the PC DESKTOP-JNURDD1 and in the application outlook.exe.

A rule is a set of expressions joined by logical operators (or|and|not). Brace characters are supported. An expression is an attribute or a constant joined by comparison operators.

[not] expression [or|and [not] expression ...]

Attributes

The following attributes are supported:

Name            Type     Value
tag             Bool     Tag presence
tag_value       String   Tag value
computer_name   String   Computer name
user_name       String   User name
user_domain     String   Domain or workgroup
file_path       String   Full file path
file_name       String   File name
file_ext        String   File extension
exe_name        String   Application name
mime            String   Content type

Note

All string values are case insensitive.

Note

The file extension is determined from the content type and may differ from the extension taken from the file path.

Operators

The following operators are supported:

Operator   Abbreviation   Purpose               Usage
not        !              Logical NOT           not ATTR
or         ||             Logical OR            ATTR or ATTR2
and        &&             Logical AND           ATTR and ATTR2
xor        ^^             Exclusive OR          ATTR xor ATTR2
eq         ==             Comparison            ATTR == ATTR2
matches    (none)         Regular expressions   ATTR match "(one|two)"
in         (none)         Presence on list      ATTR in {"one" "two"}
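A small evaluator for the rule syntax described above, for checking how a rule resolves against a given file-access event before it is deployed. This is an added example, not StaffCop's implementation: the operator precedence, the unanchored regular-expression search for matches, the evaluation of both operands of every operator, and the sample event are assumptions.

```python
import re
TOK = r'"[^"]*"|\|\||&&|\^\^|==|[!(){}]|\w+|\S'
ALIAS = {"!": "not", "||": "or", "&&": "and", "^^": "xor", "==": "eq", "match": "matches"}
norm = lambda v: v.lower() if isinstance(v, str) else v   # strings compare case-insensitively
# Assumptions: precedence (loosest first) or, xor, and, comparison; "matches" is an unanchored search.
LEVELS = [{"or": lambda a, b: bool(a or b)}, {"xor": lambda a, b: bool(a) != bool(b)},
          {"and": lambda a, b: bool(a and b)},
          {"eq": lambda a, b: norm(a) == norm(b), "in": lambda a, b: norm(a) in map(norm, b),
           "matches": lambda a, b: re.search(b, a, re.I) is not None}]
# Constructed sample event (not real data), using attribute names from the table above.
SAMPLE = {"tag": True, "computer_name": "DESKTOP-JNURDD1", "exe_name": "OUTLOOK.EXE", "file_ext": "docx"}

def evaluate(rule, event):
    """Return True if `rule` matches `event`, a dict of attribute values."""
    toks = [t if t[0] == '"' else ALIAS.get(t.lower(), t.lower())
            for t in re.findall(TOK, rule)] + [None]          # None marks the end of the rule
    pos = 0
    def take(expected=None):
        nonlocal pos
        tok, pos = toks[pos], pos + 1
        if tok is None or expected not in (None, tok):
            raise ValueError(f"unexpected {tok!r} in rule")
        return tok
    def value():
        tok = take()
        if tok == "not":                      # "not" applies to the comparison that follows
            return not binary(len(LEVELS) - 1)
        if tok == "(":
            result = binary()
            take(")")
            return result
        if tok == "{":                        # list operand for "in"
            items = []
            while toks[pos] != "}":
                items.append(value())
            take("}")
            return items
        # A quoted token is a constant; anything else must be an attribute (KeyError if unknown).
        return tok[1:-1] if len(tok) > 1 and tok[0] == '"' else event[tok]
    def binary(level=0):
        if level == len(LEVELS):
            return value()
        left = binary(level + 1)
        while toks[pos] in LEVELS[level]:     # left-associative chain at this precedence level
            left = LEVELS[level][take()](left, binary(level + 1))
        return left
    result = binary()
    if toks[pos] is not None:
        raise ValueError(f"unexpected {toks[pos]!r} in rule")
    return bool(result)
```

Calling evaluate with a rule string and SAMPLE returns whether the rule would match that event; a malformed rule raises ValueError and an unknown attribute raises KeyError.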

Tags

Files in some formats can be traced even if the name or content of the file is changed.

The following file formats are supported:

  • Microsoft Office Word Document (.docx)

  • Microsoft Office Excel Workbook (.xlsx)

  • Microsoft Office PowerPoint Presentation (.pptx)

  • Open Office Text Document (.odt)

  • Open Office Spreadsheet (.ods)

  • Open Office Presentation (.odp)