Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Subscribers 10 subscribers
  • Views 585 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Loss Prevention: Custom CCL with a specific expression

Bruno Abdalla

Hi guys,

SOPHOS Support cannot help me in that case, they always sind me a manual with not really good content inside for this topic. Maybe you can answer my question!

We are using DLP by Sophos and want to check if a spec. content is inside of a file. We have some files with sensitive information, and we want to create a rule so that every file that has the word or expression "Extra Oficial" is blocked from being transmitted.

I searched in some forums and communities that said it was enough to just use regular expressions, so I tested the regular expressions using the regex101 site to validate it works, but when I configure it in Sophos, it just doesn't work.

How should I configure this in Sophos DLP?



This thread was automatically locked due to age.

Top Replies

  • +1 verified

    Hi Bruno,

    Thanks for reaching out to the Sophos Community Forum. 

    When checking the site you're using here, this is not using the same syntax as Sophos' DLP engine uses. In the following article it is stated that "Perl syntax" is used. 
    - Set up an advanced expression

    I was able to use the following site for testing. The regex I tested successfully on a device is: (?i:extra\soficial)
    - The Perl Regex Tester

    Jump to answer
Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Cookie Information Banner