Apply DLP policy for CASB gatelet based on groups

Article ID: 371408

Products

CASB Gateway Advanced, CASB Advanced Threat Protection, CASB Audit, CASB Gateway, CASB Security Advanced, CASB Security Advanced IAAS, CASB Security Premium, CASB Security Premium IAAS, CASB Security Standard, CASB Securlet IAAS, CASB Securlet SAAS, CASB Securlet SAAS With DLP-CDS

Issue/Introduction

Can DLP policies apply to AD groups for CASB Gatelets (Data in Motion)?

Resolution

Groups in DLP Enforce do not affect policies that apply to Gatelets. There are a few ways to work around this limitation.

  • Groups in CASB can be applied to the ScanFilter (Application Detection) in Enforce. The ScanFilter is synchronized to CASB. CASB then sends the data to the CDS based on the filter, which points to a policy group and policy that apply only to these users.

Example: a CASB test group specified in a ScanFilter that applies to policies in the contractor policy group.

  • Recipient Pattern based on email address.

  • Contextual attribute such as Client Tenant UserID, based on the user's email address.
    Note that each user is separated by OR and the keyword policy is duplicated.

Additional Information

The document is intended as an example only and may not be valid in all use cases.