Adventures in Custom DLP Rules – Part Three

In the last part of my series I will explore some more advanced options that can be configured in the XML template that is imported into Exchange 2013 / Office 365 for DLP. The additional values are configured in the DLP matching criteria: Confidence, Proximity and Keywords. (See the TechNet link at the bottom of the article for a full explanation of what each term means.)

The code below is what has been added to my original custom XML generation script:

New Code Section 1 – Set custom proximity and confidence levels

  # Ask whether to override the default proximity of 300
  $answer = read-host "Do you want to modify the default Proximity level of 300? (y or n)"
  if ($answer -eq "y") {
    $proximity = read-host "Enter a Proximity value for the rules (300 is the default)"
  } else {
    $proximity = "300"
  }
  # Ask whether to override the default recommended confidence of 85
  $answer2 = read-host "Do you want to modify the default Confidence level of 85 (y or n)"
  if ($answer2 -eq "y") {
    $confidence = read-host "Enter a recommended Confidence value for the rules (85 is the default)"
  } else {
    $confidence = "85"
  }
  # Write the opening <Entity> tag with both values as attributes
  Add-Content $directory"\"$filename  " <Entity id=`"$guid3`" RecommendedConfidence=`"$confidence`" PatternsProximity=`"$proximity`">"


The above code section sets the default Confidence and Proximity Settings to be used with the RegEx criteria in the XML file.

New Code Section 2 – Added a Confidence level and Keyword settings to the RegExID section, as well as an array to track them with

	$answer3 = read-host "Do you want to modify the default Confidence level of 85 (y or n)"
	if ($answer3 -eq "y") {
		$confidence2 = read-host "Enter a confidence value for the rules (85 is the default)"
	} else {
		$confidence2 = "85"
	}
	Add-Content $directory"\"$filename  " <Pattern ConfidenceLevel=`"$confidence2`">"

	$keywordID = $null   # reset so a keyword entered for a previous rule is not carried over
	$keywordanswer = read-host "Do you want to add a keyword match to the rule? (y or n)"
	if ($keywordanswer -eq "y") {
		$keywordID = read-host "Enter the KeywordID to be used in the rule match (i.e. Keyword_SSN)"
	}
	Add-Content $directory"\"$filename  "</Pattern>"
	$RegExID2 += ,@($RegExID,$keywordID)

Lines 1 to 7 allow for a custom Confidence Level for a particular RegEx section.
Lines 9 to 15 allow for an additional criterion (a keyword) to be used to help with the content filtering.

New Code Section 3 – Handles the addition of Keywords to the RegEx criteria

  # Only prompt for terms when this entry has a keyword ID in its second element
  if ($line[1] -ne $null) {

    # Loop added for keyword terms
    $termnum = read-host "Enter the number of keyword terms to be used for this rule (i.e. 1,2, etc)"
    $j = 1
    do {
        # Write one <Term> element per keyword entered
        $term = read-host "Enter the keyword to be used for this rule (i.e. SSN)"
        Add-Content $directory"\"$filename "<Term>`"$term`"</Term>"
        $j++
        write-host ""
    }
    while ($j -le $termnum)
    Start-sleep -seconds 2
  }
  }  # closes an enclosing block that is outside this excerpt

  # Close this section in the XML file
  Add-Content $directory"\"$filename "</Keyword>"
  Add-Content $directory"\"$filename "</Group>"

The above section of code asks for the additional Keywords to be added to the current RegEx rule being processed.
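Sections 1 and 3 write whatever is typed at the prompt straight into the XML, so a stray quote, ampersand or non-numeric value produces a file that fails to import or carries attributes nobody intended. The following is an added example, not part of the original script, showing one way to validate the numeric values and escape keyword terms before they are written; the function names and the numeric bounds are assumptions, and the line shapes mirror the ones the script emits.

```powershell
# Added example, not from the original script. Function names are hypothetical.

function ConvertTo-BoundedInt {
    param([string]$Text, [int]$Default, [int]$Min, [int]$Max)
    # Empty input keeps the default, like answering "n" in the script.
    if ([string]::IsNullOrWhiteSpace($Text)) { return $Default }
    $value = 0
    $ok = [int]::TryParse($Text.Trim(), [ref]$value)
    if (-not $ok -or $value -lt $Min -or $value -gt $Max) {
        throw "'$Text' is not a whole number between $Min and $Max."
    }
    return $value
}

function Get-DlpRuleLines {
    param(
        [string]$EntityId,
        [string]$Proximity,
        [string]$Confidence,
        [string[]]$Terms
    )
    # Bounds are assumptions for this example, not values stated in the article.
    $prox = ConvertTo-BoundedInt $Proximity 300 1 10000
    $conf = ConvertTo-BoundedInt $Confidence 85 1 100
    # Parse the id as a GUID so it cannot carry quotes or angle brackets.
    $id = ([guid]$EntityId).ToString()

    $lines = @(" <Entity id=`"$id`" RecommendedConfidence=`"$conf`" PatternsProximity=`"$prox`">")
    foreach ($term in $Terms) {
        # Escape &, <, >, " and ' so a keyword cannot break out of <Term>.
        $safe = [System.Security.SecurityElement]::Escape($term)
        $lines += "<Term>`"$safe`"</Term>"
    }
    return $lines
}

# Constructed sample input: default proximity, custom confidence, one awkward keyword.
Get-DlpRuleLines -EntityId ([guid]::NewGuid()) -Proximity '' -Confidence '75' -Terms 'SSN', 'R&D <draft>'

# A confidence value containing a quote is rejected instead of being written to the file.
try {
    Get-DlpRuleLines -EntityId ([guid]::NewGuid()) -Proximity '300' -Confidence '85" id="x' -Terms 'SSN'
} catch {
    Write-Host "Rejected: $($_.Exception.Message)"
}
```

The returned lines can be passed to Add-Content in place of the raw Read-Host values.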

Explanation
To get a better explanation of what the new criteria can do, please refer to this TechNet link for more information.

Full Script
The entire script can be downloaded here. Because of WordPress file restrictions, you will need to rename the .doc file to a .ps1 file before running it.

Run Through and XML File
Quick run through of the more advanced script:

[Image: DLP-Final-Sequence]

XML file generated by the script:

[Image: XMLFiletoImport]

Past Articles in the Series
Custom DLP – Part 1
Custom DLP – Part 2
