Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 0 subscribers
  • Views 13291 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Data Control Template

BopBop

I am working on Data control policy and has been success full with all the  built in policy Sophos has. I can stop/ monitor any financial information . however some of the financial document are not detecting by Sophos.

For example our payroll system upload electronic checks  to different bank every other week.  It is a txt file they upload but instead of using straight routing number and account number they mix and match some digit  such as 72208500001901258980 first 3 digit could be which state bank is 722 and then routing number 085000019 and then account number 012589800.

Problem I think is when all this digit are combined, Sophos doesn’’’’t know what to do. I have been trying to use this link to create new template but not successful yet http://www.sophos.com/support/knowledgebase/article/112192.html

Does other Sophos member create and share template ?  We monitor network with Soiralwind NPM , in SOlarwind we share template with other member , could you do some thing  in Sophos so we can share  custom template ?

:20087


This thread was automatically locked due to age.
Parents
  • 0

    Hello BopBop,

    so you are looking for strings with exactly 21 digits (although your combined string has only 20, but I assume it is a typo)? <expression value="\b\d{21}\b" count="1" weight="1" /> will detect these and setting contentCondition triggerWeight="1" will trigger the rules when at least one such string is detected. Setting triggerWeight="2" will never trigger the rule though, as count="1" specifies that only one occurrence should be considered and thus triggerWeight can't reach the value 2.

    If you'd show us what you've got so far we might be able to help you finding out why it doesn't work as intended. Is a single occurrence of the string alone the only criterion or do you have additional identifiers?

    Christian

    :20105
Reply
  • 0

    Hello BopBop,

    so you are looking for strings with exactly 21 digits (although your combined string has only 20, but I assume it is a typo)? <expression value="\b\d{21}\b" count="1" weight="1" /> will detect these and setting contentCondition triggerWeight="1" will trigger the rules when at least one such string is detected. Setting triggerWeight="2" will never trigger the rule though, as count="1" specifies that only one occurrence should be considered and thus triggerWeight can't reach the value 2.

    If you'd show us what you've got so far we might be able to help you finding out why it doesn't work as intended. Is a single occurrence of the string alone the only criterion or do you have additional identifiers?

    Christian

    :20105
Children
No Data
Unfiltered HTML