Cisco Bug: CSCvu72990 - [ENH] Calculate the DLP score from all components in a message (all attachments and message body)
Jun 23, 2020
- Cisco Email Security Appliance
Known Affected Releases
Symptom: While creating a custom DLP policy defining a custom classifier and changing the score so a single match will not trigger the policy we can see some strange behavior. 1. If we put the proper amount of matches in the body in this case 3 the DLP violation is triggered: Sat Jun 20 06:55:43 2020 Info: MID 704 DLP violation. Severity: LOW (Risk Factor: 35). DLP policy match: 'Custom'. 2. If we put those matches again in a single attachment the result again will be a DLP violation triggered: Sat Jun 20 07:00:10 2020 Info: MID 707 attachment 'text1.txt' Sat Jun 20 07:00:10 2020 Info: MID 707 DLP violation. Severity: LOW (Risk Factor: 35). DLP policy match: 'Custom'. 3.When we share this matches in multiple files we do not get a match as it seems not all matches are calculated together: Sat Jun 20 07:05:02 2020 Info: MID 708 attachment 'text1.txt' Sat Jun 20 07:05:02 2020 Info: MID 708 attachment 'text2.txt' Sat Jun 20 07:05:02 2020 Info: MID 708 attachment 'text3.txt' Sat Jun 20 07:05:02 2020 Info: MID 708 DLP no violation This enhancement request is in order for all matches in attachments and message body will be calculated together and produce a violation for the full message. Conditions: 1.Enable DLP outbound. 2.Create a custom DLP policy that will match any of the provided regexes. 3.Modify the scale in a way that a single match will not trigger a violation. 4.Inject a message that will have the multiple patterns but in multiple attachments.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases