Guest

Preview Tool

Cisco Bug: CSCvu72990 - [ENH] Calculate the DLP score from all components in a message (all attachments and message body)

Last Modified

Jun 23, 2020

Products (1)

  • Cisco Email Security Appliance

Known Affected Releases

13.0.0-394

Description (partial)

Symptom:
While creating a custom DLP policy defining a custom classifier and changing the score so a single match will not trigger the policy we can see some strange behavior.

1. If we put the proper amount of matches in the body in this case 3 the DLP violation is triggered:
Sat Jun 20 06:55:43 2020 Info: MID 704 DLP violation. Severity: LOW (Risk Factor: 35). DLP policy match: 'Custom'.

2. If we put those matches again in a single attachment the result again will be a DLP violation triggered:
Sat Jun 20 07:00:10 2020 Info: MID 707 attachment 'text1.txt'
Sat Jun 20 07:00:10 2020 Info: MID 707 DLP violation. Severity: LOW (Risk Factor: 35). DLP policy match: 'Custom'.

3.When we share this matches in multiple files we do not get a match as it seems not all matches are calculated together:
Sat Jun 20 07:05:02 2020 Info: MID 708 attachment 'text1.txt'
Sat Jun 20 07:05:02 2020 Info: MID 708 attachment 'text2.txt'
Sat Jun 20 07:05:02 2020 Info: MID 708 attachment 'text3.txt'
Sat Jun 20 07:05:02 2020 Info: MID 708 DLP no violation

This enhancement request is in order for all matches in attachments and message body will be calculated together and produce a violation for the full message.

Conditions:
1.Enable DLP outbound.
2.Create a custom DLP  policy that will match any of the provided regexes.
3.Modify the scale in a way that a single match will not trigger a violation.
4.Inject a message that will have the multiple patterns but in multiple attachments.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.