Strata Cloud Manager

1. Log in to Strata Cloud Manager.
2. Select ConfigurationData Loss PreventionDetection MethodsData Patterns.
3. Add Data Patterns and select Custom.

   You can also create a new custom data pattern by copying an existing custom data pattern. To copy a custom data pattern, select the data pattern name to view the data pattern details and copy (

   ). You can then configure the custom data pattern you copied as needed.
4. Enter a descriptive Data Pattern Name.

   If updating an existing data pattern, Enterprise DLP supports changing the data pattern name only if the data pattern isn't currently in use in a data profile or a Data Security (SaaS API) data asset policy rule. You must remove the data pattern from the data profile data asset policy before you change the name. Enterprise DLP prevents you from changing the name if the data pattern is currently in use.

   Enterprise DLP updates the data pattern name for all DLP incidents with the new archived data pattern name amendment after you archive a data pattern. It takes about10 minutes for the new data pattern name to reflect in the Incident Manager for existing and new incidents.
5. (Optional) Enter a Description for the data pattern.
6. Select the type of Regular Expression.

   You can choose Basic or Weighted data patterns. Use the Weighted data pattern to create a basic or weighted regular expression. With weighted regular expressions, each text entry is assigned a score and when the score threshold is exceeded, such as when enough expressions from a pattern match an asset, Enterprise DLP will indicate that the asset is a match for the pattern.

   Then use the query builder in the Regular Expressions field to add either regular (Basic) or Weighted expressions.
7. (Optional) Enter one or more Proximity Keywords.

   Proximity keywords are not case-sensitive. You can enter one or more proximity keywords to increase the probability Enterprise DLP accurately detects a regular expression match. Proximity keywords impact the Enterprise DLP confidence level, which reflects how confident Enterprise DLP is when detecting matched traffic. Enterprise DLP determines confidence level by inspecting the distance of regular expressions to proximity keywords.

   Data patterns that don't include any proximity keywords to identify a match always have both Low and High confidence level detections in a DLP incident.
8. (Optional) Enter the Proximity Distance (between 1 and 1,000) to specify the maximum character distance between sensitive data and proximity keywords required to trigger a detection.

   The default proximity distance is 200.

   For large files or traffic containing sensitive data where related proximity keywords might be separated by longer text blocks, you can increase the proximity distance to ensure proper detection. Conversely for files or traffic where you need tighter control to reduce false positives, you can specify a smaller proximity distance to ensure only closely associated keywords trigger a match.

   The minimum proximity keyword distance must be the character length of the longest proximity keyword plus one character. This includes spaces within the proximity keyword value.

   For example, consider the list of proximity keywords in the custom data pattern below. The longest proximity keyword is phone number which is 12 characters. In this case, the minimum proximity keyword distance is 13.

9. Save the data pattern.
10. Create a data profile on Strata Cloud Manager.