Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Sarm_Chanatip
Collaborator

CloudSaaS Office 365 OneDrive DLP setup

Hi guys,

First of all, I'm new with CloudGuard SaaS and doing test integration with Office 365 for OneDrive DLP setup and getting stuck at some configuration that can't block sensitive data when uploading the file via OneDrive application such as credit card info for example.

I have already configured OneDrive rule for DLP, refer screenshots below.

1st figure, with Policy Rules for Office 365 OneDrive DLP

CloudGuard SaaS O365 OnDrive DLP-1.jpg

2nd figure, for Rule DLP setting with PCI Credit Card Numbers

CloudGuard SaaS O365 OnDrive DLP-1.1.jpg

3rd figure, uploaded the sensitive data file and shared to everyone

CloudGuard SaaS O365 OnDrive DLP-2.jpg

4th figure, CloudGuard SaaS does not block this file.

CloudGuard SaaS O365 OnDrive DLP-3.jpg

 

5th figure, No display events on overview dashboard.

CloudGuard SaaS O365 OnDrive DLP-5.jpg

 

I do not know where I'm missing configuration.

 

Anyone any ideas?

 

Really appreciate every comments

 

Regards,

Sarm

 

8 Replies
Abigael_Levy
Employee Alumnus
Employee Alumnus

Hello @Sarm_Chanatip ,

Thank you for using CloudGuard SaaS!

Please open a ticket with our support so that we can take a deeper look into your configuration.

If you need help with opening the ticket, click here.

Thanks,

Abigael

 

 

Kim_Moberg
Advisor

Hi Abigal,

Agree CG Saas is great product and I hope more to join this solution.

I had a similar issue but was not fixed due to as designed or as build.

It was an issues with Danish Social Security numbers why didnt' work either.

You had to add more then 10 different social security numbers before CG SaaS was raising a flag. DLP right now only flags but does not protect yet.

If one tests with Canadian or USA it is flagged right away because the pattern is different to ours in Denmark. 

For example

Donald Duck
100110-1721

But why send out 10 different social security numbers in a e-mail. I would say according to GPDR in EU just one social security number which being send out should be flagged.

Best Regards
Kim
Abigael_Levy
Employee Alumnus
Employee Alumnus

Hi @Kim_Moberg ,

We will actually fix very soon the issue of Danish Social Security Numbers to decrease the built-in threshold to 1. You will then be able to adjust it in the policy by increasing or decreasing the sensitivity.

I believe that the issue here is different. I saw that a SR has been open so our RnD will look into the matter.

Thanks,

Abigael

 

 

0 Kudos
Kim_Moberg
Advisor

Hi @Abigael_Levy 

Thanks for your reply.

I just saw the similar pattern but I am sure you are right.
I will be looking forward to see the fix being implemented and of course to see where the CG SaaS go with the future development.

I can only recommend Check Point customers to get CG SaaS product to be part of their IT-services.

Best Regards
Kim
Sarm_Chanatip
Collaborator

Hi Abigael,

Thank you for your comment.

I have opened a ticket to TAC but still has not been received any information or solutions yet.

Regards,
Sarm
Abigael_Levy
Employee Alumnus
Employee Alumnus

Hi @Sarm_Chanatip 

I am looking into it and will do my best to move things forward.

Thanks for your patience!

Abigael

 

 

0 Kudos
Vladimir
Champion
Champion

@Abigael_Levy , we are about to start looking at the Cloud DLP solutions. Please advise if CP SaaS DLP is now working for prevention as well as detection, if the minimum number of instances is reduced to 1 and if it works with any other SaaS products besides hosted Exchange and OneDrive. We are particularly interested in SalesForce integration.

 

Thank you,

Vladimir

Asaf_Henig
Employee Alumnus
Employee Alumnus

Vladimir

 

We do have a great DLP solution for SalesForce which I will be more than happy to present and discuss. 

Please contact me at asafhe@checkpoint.com 

With regards to prevent vs. monitor. We will add in-line prevent to Email DLP (O365 or Gmail) in mid Q4. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events