I am trying to find out how to create DLP policy which would detect a user potentially dumping email addresses from our internal database into an email body. We use OME for attachment encryption but now looking into how to protect the content of messages. Has anyone created a similar policy before or got guidance on how to create this rule? I have been able to set-up the usual defaults for credit card numbers etc but I am not sure how to create a rule that applies if say five email addresses are detected in the message body.
Thanks in advance!