How to create a policy that triggers on a specific protocol

book

Article ID: 160763

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

Creating a policy that will trigger on a specific protocol.

Resolution

Follow these steps to create a policy based on a specific protocol:

  • Add a blank policy and set the name and policy group as usual
  • Add a new Rule
  • In the "Add Rule" screen set the match on Protocol "Message Sent By Protocol"
  • Click "Next"
  • Under "conditions" you can now specify the protocol in question; In this case it would be the name of your protocol that triggers an incident

Keep in mind that this is not recommended for use by itself, since you would trigger incidents any time a communication over the set protocol occurs. It is, however, very useful if you want to use it as a compound policy that triggers on a keyword only used within one protocol.