Not getting DLP policy matches

%3CLINGO-SUB%20id%3D%22lingo-sub-49884%22%20slang%3D%22en-US%22%3ENot%20getting%20DLP%20policy%20matches%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-49884%22%20slang%3D%22en-US%22%3E%3CP%3EI%20uploaded%20some%20test%20files%20from%20%3CA%20href%3D%22https%3A%2F%2Fdlptest.com%2Fsample-data%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdlptest.com%2Fsample-data%2F%3C%2FA%3E%20to%20my%20OneDrive%20site.%20I%20have%20created%202%20DLP%20policies%2C%20one%20with%20US%20PII%20and%20the%20other%20with%20Financial%20PCI%20templates.%20The%20reports%20are%20not%20finding%20any%20matches.%20When%20I%20do%20a%20SP%20search%2C%20the%20test%20files%20are%20found%2C%20so%20I%20know%20that%20they%20have%20been%20crawled.%20How%20long%20do%20I%20have%20to%20wait%20for%20DLP%20Policy%20Matches%3F%20what%20else%20can%20i%20do%20to%20troubleshoot%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-49884%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EData%20Loss%20Prevention%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-52686%22%20slang%3D%22en-US%22%3ERe%3A%20Not%20getting%20DLP%20policy%20matches%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-52686%22%20slang%3D%22en-US%22%3Eone%20of%20my%20files%20contains%20Visa%20followed%20by%20a%20card%20number%2C%20another%20contains%20Visa%20MC%20AMEX%20in%20the%20column%20header%20and%20then%20the%20card%20numbers%20in%20that%20column.%20I%20would%20expect%20these%20to%20trigger%20the%20rules.%20One%20of%20the%20files%20also%20contains%20SSN%20in%20the%20column%20header.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-52651%22%20slang%3D%22en-US%22%3ERe%3A%20Not%20getting%20DLP%20policy%20matches%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-52651%22%20slang%3D%22en-US%22%3E%3CP%3EOne%20thing%20that%20took%20me%20a%20while%20to%20figure%20out%20is%20that%20you%20need%20to%20provide%20some%20context%20in%20your%20files%20or%20emails.%20You%20can't%20just%20have%20a%20credit%20number%20by%20itself%20and%20expect%20it%20to%20find%20it.%20The%20algorithms%20are%20looking%20for%20words%20like%20%22credit%20card%2C%20amex%2C%20routing%20number%2C%20visa%2C%20expiration%20date%2C%20ssn%2C%20etc.%22%3CBR%20%2F%3E%3CBR%20%2F%3EOnce%20I%20started%20putting%20additional%20text%20like%20that%20in%20my%20test%20files%20and%20test%20emails%2C%20then%20the%20policies%20started%20triggering.%3CBR%20%2F%3E%3CBR%20%2F%3EJason%20Hartman%3C%2FP%3E%3C%2FLINGO-BODY%3E
Respected Contributor

I uploaded some test files from https://dlptest.com/sample-data/ to my OneDrive site. I have created 2 DLP policies, one with US PII and the other with Financial PCI templates. The reports are not finding any matches. When I do a SP search, the test files are found, so I know that they have been crawled. How long do I have to wait for DLP Policy Matches? what else can i do to troubleshoot?

2 Replies

One thing that took me a while to figure out is that you need to provide some context in your files or emails. You can't just have a credit number by itself and expect it to find it. The algorithms are looking for words like "credit card, amex, routing number, visa, expiration date, ssn, etc."

Once I started putting additional text like that in my test files and test emails, then the policies started triggering.

Jason Hartman

one of my files contains Visa followed by a card number, another contains Visa MC AMEX in the column header and then the card numbers in that column. I would expect these to trigger the rules. One of the files also contains SSN in the column header.