Forum Discussion
Exclude File Hash's from Data leak/Insider policy
Absolute long shot, but is there any way to exclude file Hashes from the attachments part of a data leak policy, we use a service for our signatures and due to the way it works the images in it keep getting picked up as part of sending external with attachment, the image name changes, but the SHA-256 stays the same.
Anyone have any idea if this is or ever will be possible?
2 Replies
milgoMicrosoft
Hello Alex!
Did you ever figure out a solution for this. If not, the answer is likely a No-Purview does not support this for attachments. Hashes may appear in Endpoint DLP telemetry but I doubt you can use them as a DLP rule condition or exception.
Why can't we create a custom SIT using regex pattern for SHA-256 hashes and then use them in the DLP rules? Regex can be as below:
SHA-256 Hash Regular Expression - Regex Pattern
Asking it as a question to ensure you guys may have tried it as I haven't. Just thinking out loud here!
