devan05

CA DLP Tuesday Tip: XML Attribute Datalookups

Discussion created by devan05 Employee on Apr 17, 2012
Latest reply on Apr 17, 2012 by Chris_Hackett
CA DLP (DataMinder) Tuesday Tip for 17 April 2012 published by Andrew Devine Snr. Support Engineer.

Data Lookup settings are available for all email, Data In Motion and Data At Rest capture and control triggers. They provide highly flexible extensions to these triggers.

XML Attribute lookups enable policy triggers to test targeted files and emails for metadata attributes (this metadata is stored in XML format).

For example, file metadata includes details about the file creation and modified dates, the file name and path, its title and author. The full range of available metadata varies according to the file type.

The example below detects all imported files smaller than 10 KB. Note that the file size attribute is measured in bytes, not KB.

xmlattr WHERE apm/event/file/size < 10240

XML Attribute lookups are also used to detect x-headers in emails. X-headers are custom or proprietary headers in an Internet Mail. They are typically used to pass information to emailing applications for processing or as an information repository.

The example below detects emails containing an x-header named 'x-vpm-state' where the x-header value is set to 'public, and excludes these emails from policy processing. That is, the trigger does not fire.

NOT (xmlattr WHERE apm/event/email/header/item[@name='x-vpm-state'] IS "public")

For more information on the Data Lookup features please refer to the CA DataMinder (DLP) r14.0 Policy Guide (DLP_Policy_ENU.pdf) which is available to download from the CA DLP r14.0 Bookshelf on the CA Support Portal (Support.ca.com)

Outcomes