Setting Up Data Loss Prevention (DLP) Rules

Data Loss Prevention (DLP) Rules

Overview

DLP rules prevent sensitive data from leaving your organization through web browsers. GuardAxion can detect and block transmission of confidential information.

Creating DLP Rules

Step 1: Access DLP Configuration

  1. Navigate to Security Policies > DLP Rules
  2. Click Create New Rule

Step 2: Define Rule Basics

  • Rule Name: Descriptive identifier
  • Description: What the rule protects
  • Severity: Critical, High, Medium, Low
  • Action: Block, Alert, or Log

Step 3: Configure Detection Patterns

Pattern Types:

  1. Regular Expression: Custom regex patterns
  2. Keyword Lists: Specific words or phrases
  3. Data Classifiers: Pre-built patterns for:
    • Credit card numbers
    • Social Security Numbers
    • Email addresses
    • Phone numbers
    • API keys and tokens

Step 4: Set Scope

Define where the rule applies:

  • Domains: Specific sites or all external sites
  • File Types: Documents, images, archives
  • Transmission Methods: Copy/paste, file upload, form submission

Step 5: Configure Exclusions

Add exceptions for:

  • Internal corporate sites
  • Approved cloud services
  • Specific user groups
  • Time-based windows

Example DLP Rules

Credit Card Protection

Pattern: \b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b
Action: Block
Severity: Critical
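
An offline check of the Credit Card Protection pattern above, added here as an example; it is not GuardAxion code or a GuardAxion feature. It runs the page's regex over constructed sample strings and then applies a Luhn checksum to each hit. The Luhn step, the function names, and the sample strings are assumptions made for this illustration.

```python
import re

# Pattern copied from the "Credit Card Protection" example rule on this page.
CARD_PATTERN = re.compile(r"\b\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}\b")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def evaluate(text: str) -> list:
    """Return (matched_text, passes_luhn) for every regex hit in text."""
    hits = []
    for m in CARD_PATTERN.finditer(text):
        digits = re.sub(r"[\s-]", "", m.group())
        hits.append((m.group(), luhn_valid(digits)))
    return hits


# Constructed sample inputs (not real data). The card numbers are widely
# published test numbers, not live accounts.
SAMPLES = {
    "test card, spaced": "card 4111 1111 1111 1111 exp 12/30",
    "test card, dashed": "pay with 4111-1111-1111-1111",
    "16-digit order id": "order ref 1234567890123456 shipped",
    "15-digit card number": "card 378282246310005",
    "no digits": "quarterly report attached",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label:22} -> {evaluate(text)}")
```

The 16-digit order id matches the pattern but fails Luhn, which marks it as a likely false positive. The 15-digit card number is never matched at all, so the pattern's gaps in both directions are visible before the rule is moved from Alert to Block.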

Confidential Document Keywords

Keywords: "CONFIDENTIAL", "PROPRIETARY", "TRADE SECRET"
Action: Alert + Log
Severity: High

Source Code Protection

File Extensions: .py, .java, .cpp, .js
External Domains: All except approved repos
Action: Block
Severity: High

URL Exclusions for DLP

When to Use Exclusions

Exclude internal sites where legitimate data sharing occurs:

  • Intranet portals
  • HR systems
  • Internal collaboration tools
  • Corporate file shares

Creating Exclusions

  1. Go to DLP Rules > URL Exclusions tab
  2. Click Add Exclusion
  3. Enter pattern (exact URL, domain, or wildcard)
  4. Provide business justification
  5. Save

Exclusion Pattern Types

  • Exact: https://intranet.company.com/forms
  • Domain: *.internal.company.com
  • Wildcard: https://sharepoint.company.com/*
  • Regex: Complex pattern matching

Monitoring DLP Events

Viewing Violations

  1. Navigate to Analytics & Monitoring > Advanced Analytics
  2. Filter by event type: DLP Violation
  3. Review details:
    • User involved
    • Data type detected
    • Destination URL
    • Action taken

DLP Bypass Events

When URLs are excluded, events are logged as DLP Bypass for audit purposes.

Best Practices

  • Start with Alert mode before blocking
  • Test rules with pilot groups
  • Regularly review false positives
  • Update patterns as threats evolve
  • Document all exclusions with justification
  • Balance security with productivity

Troubleshooting

  • Too Many False Positives: Refine regex patterns, add exclusions
  • Not Catching Data: Test patterns, check scope configuration
  • Performance Impact: Optimize regex, reduce pattern complexity