Create a File Property Data Pattern on the DLP App

Log in to the DLP app on the hub.
If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
Select
Detection Methods
Data Patterns
and
Add Data Patterns
.
You can also create a new custom data pattern by copying an existing custom data pattern. To copy a custom data pattern, expand the Actions column for the data pattern you want to copy and
Clone
the data pattern. You can then configure the custom data pattern you copied as needed.
Select the
File Property
data pattern.
(
Optional
) Enter a
Description
for the data pattern.
Define the file property data pattern.
Enterprise DLP
supports file property data patterns in MS Office and PDF documents and supports both the OLE (.doc/.ppt) and XML (.docx/.pptx) formats of MS Office.
Select the
File Property Type
.
Leave the
File Property Type
empty if you plan to use
keyword
as the file property
Name
. This is required to successfully match traffic against the
keyword
file property.
Enterprise DLP
supports the following file property types.
AIP Tags
—Microsoft Azure Information Protection (AIP) labels used to classify and protect documents and emails.
Only one AIP Tag entry is supported per data pattern. However, you can add up to 10 AIP Tag values to an AIP Tag entry using
;
as a separator. For example,
msip_label_defa4170-0d19-0005-000b-bc88714345d2_contentbits=10;
msip_label_defa4170-0d19-0005-000b-bc76701345f1_contentbits=10
.
Asset Name
—File name for files you want to prevent exfiltration.
Only one Asset Name entry is supported per data pattern. However, you can add up to 100 Asset Name values to an Asset Name entry using
;
as a separator. For example,
notes; billing-info;customer-data
.
Fully formed regex expressions are supported for the Asset Name value. Wildcards are not supported. For example,
(?i)(\W|^)(ssn|social|security\security|credit\card|phone|credit\card)(\W|$)
.
Author
—File owner first and last name in the asset metadata.
Only one Author entry is supported per data pattern. However, you can add up to 100 Author values to an Author entry using
;
as a separator. For example,
Bill Smith; john doe; leslieBarnes
.
The Author values are case and space insensitive.
The Author file property type is not supported for source code files.
File Extension
—Specify one or more file types supported by
Enterprise DLP
.
Only one File Extension entry is supported per data pattern. However, you can add up to 100 File Extension values to a File Extension entry using
;
as a separator. For example,
.pdf;.csv;.rtf
.
To scan files based on a specific file extension, the file extension must be included in the file name.
File SHA
—String of letters and numbers that represent a long checksum. Only SHA-256 are supported.
Only one File SHA entry is supported per data pattern. However, you can add up to 100 File SHA values to an File SHA entry using
;
as a separator. For example,
CA4D03E8F8A495AA671930184A04275E050D096B9E7E3CF693E0AB12898F3A46;5C4753EAE1F27F0D7EDB5F3245155F668BF5B86A8B3BB2D86F32C65692837F79
.
Extended Properties
—Unique
Advanced
properties added to Microsoft Suite (Word, Excel, PPT, PDF) file properties that are not the default
General
properties.
Multiple Extended Properties entries are supported per data pattern.
Custom
—Unique
Custom
properties added to Microsoft Suite (Word, Excel, PPT, PDF) file properties that are not the default
General
properties.
Multiple Custom entries are supported per data pattern.
Select the file property
Name
.
For files protected with AIP labels, you must enter the full AIP label
Name
that you want to take action on. This must be the
MSIP_Label_<GUID>_Enabled
label name.
Enter the file property
Value
.
(
Optional
)
Add File Property
to define additional file property patterns.

Save
the data pattern.
Create a data profile on the DLP app.
Create a Data Profile on the DLP App
Create a Data Profile with Data Patterns and EDM Data Sets on the DLP App