Configuring a DLP Enforce CloudSOC policy to match a specific MS Sharepoint Site (Office365)
search cancel

Configuring a DLP Enforce CloudSOC policy to match a specific MS Sharepoint Site (Office365)

book

Article ID: 222015

calendar_today

Updated On:

Products

CASB Security Advanced CASB Securlet SAAS CASB Security Standard Data Loss Prevention Data Loss Prevention Enforce Data Loss Prevention Cloud Detection Service for REST

Issue/Introduction

There are times where the requirement is to apply certain business conditions (or a set of conditions) on a particular Microsoft Sharepoint Site in the Office 365 (O365) environment.

This is the opposite of applying the DLP policies to all Sharepoint Sites within the environment.

Environment

  • Cloudsoc integrated with CDS and DLP Enforce
  • Microsoft Office365 Securlet is activated and in a healthy state
  • Access to DLP Enforce with enough permissions to modify the policies

Cause

Business requirement or a specific use case

Resolution

There are two ways to achieve this:

  1. Using a custom contextual attribute of type "String", targeting the Site name 
  2. Using a predefined contextual attribute condition named "Sharepoint Site name" (available on the recent versions of Enforce).

 

1- Using the Contextual Attribute

 

Steps:

  • Create a new DLP Enforce Policy (blank)
  • Fill in the required fields (Name, Policy Group ..etc)
  • Click on "Add Rule"
  • Select "Contextual Attributes" then click "Next"
  • under the "Conditions" section, click the dropdown names "Attribute"
  • Select "String Attribute" - under Custom selection group-
  • Set the name of the attribute as "common.sharepoint"
  • Set the "Match" value based on the required criteria (either  Regular expression exact match/case sensitive matching or Insensitive matching)
  • Modify the rest of the policy as needed (it can be saved without any actions for testing and validation)

 

Example:

In this example, the rule is based on a regular expression and targeting any Site name that contains the substring "MySite" at any part of the site URL, this would match URL's like:

  • https://customdomain.sharepoint.com/sites/MySite
  • https://customdomain.sharepoint.com/sites/abc_MySite
  • https://customdomain.sharepoint.com/sites/abc_MySite_xyz

 

2- Using the predefined condition:

 

Steps:

  • Create a new DLP Enforce Policy (blank)
  • Fill in the required fields (Name, Policy Group ..etc)
  • Click on "Add Rule"
  • Select "Contextual Attributes" then click "Next"
  • under the "Conditions" section, click the dropdown names "Attribute"
  • Select "Sharepoint Site Name" - under the Data Exposure selection group-
  • Set the "Match" value based on the required criteria (either  Regular expression exact match/case sensitive matching or Insensitive matching)
  • Modify the rest of the policy as needed (it can be saved without any actions for testing and validation

Example:

In this example, the rule is based on un insensitive  matching and targeting an exact site name regardless of the case (lower case or upper case), this would match URL's like:

  • https://customdomain.sharepoint.com/sites/MySite
  • https://customdomain.sharepoint.com/sites/mysite
  • https://CUSTOMdomain.sharepoint.com/sites/mYsItE

Powered by Wolken Software