How to Configure SphereShield for SfB DLP?

  1. Open the SphereShield Portal
  2. Go to Settings→ DLP Integration (/admin/settings?category=settings_dlp_integration_category_header)
  3. Enable DLP Integration by changing the "Enable DLP Integration" option to "Yes"
  4. Choose DLP provider - 3rd Party or AGAT for Regex Based rules (Configure in /admin/DLPrules)


General configuration options

PropteryOptionsDescription
General
Enable DLPYes/NoEnable DLP policy inspection
Enable DLP OnBastion, SIP Filter

Enable inspection on a component(multichoice)

  • Bastion  - Enable DLP inspection for HTTP traffic(Relevant for Mobile devices, Webapp and MAC)
  • SIP Filter - Enable DLP inspection for SIP traffic(Relevant for PC clients and federated traffic)
DLP ProviderAGAT/Other/Symantec/ForcePoint(WebSense)/Mcafee/Fidelis

The DLP provider that will be used for the Inspection

  • AGAT - Sphereshield's internal DLP Engine based on regex (Regex rules can be configured under [Admin Portal] > [DLP Rules])
  • Other - Non-natively supported ICAP DLP Engine (Please contact support before using)
  • Symantec
  • Mcafee
  • Fidelis
Block Traffic when DLP engine is not availableYes/NoBlock all inspected traffic In the case there is no response from the DLP server
Filter only outgoing IM TrafficYes/No(Default: Yes)Filter only communication between internal and federation users
Enable DLP for conferencesYes/NoEnables DLP inspection for conferences
Internal SIP Domain ListList of internal SIP domains

The list of the SIP domains that are used internally

(used to differentiate between internal and federated users)

In order to insert an internal domain enter your internal SIP domains in the textbox and then press Enter.

Example of SIP domains:

  • contoso.com
  • *.greenhouse.com
  • corp.domain.com


Include sub-domains of the internal SIP domainYes/NoWhether to include sub-domains under one level 
Enable DLP AuditingYes/No

Record DLP events in the database,

Events can be seen in the Admin portal under [Auditing] >[DLP Auditing]

Admin Notification
Admin notification type[Log]/[Log and Mail]/[Log, Mail and IM]

The type of notification that will be utilized

Options are:

Admin notification recipient(email)Recipient Email accountThe recipient Admin Email account (Only relevant if mail is configured)
Admin notification recipient(IM)Recipient IM SIP addressThe Recipient Admin SIP address for IM(Only relevant  if UCMA and IM notification is configured) 
Admin notification recipient MessageIM Message contentThe IM message content
Admin notification Email subjectMail message  contentThe mail message content
DLP User Notification
User Notification TypeNone/IMEnable notification to the user in case of violation(Require UCMA integration)
User Notification MessageMessageThe message that will be sent to the user in case of violation
User Block MessageMessageThe message that will be sent to the user in case of violation on block mode
User Modify MessageMessageThe message that will be sent to the user in case of violation on block mode in case of modify
Advanced
  • Record Active Directory Users Information
Yes/NoIf set to "Yes", will fetch the CN of the AD user for enhanced logging. This might impact performance.(Required for DLP Providers in order to enforce policies based on groups)



Related Articles:

TitleCreatorModified
How to configure DLP integration with Symantec via RESTful API?Agat SupportApr 13, 2022
Symantec DLP IntegrationAgat SupportApr 13, 2022
External ICAP DLP IntegrationAgat SupportApr 13, 2022
How to Configure SphereShield for SfB DLP?Agat SupportAug 08, 2021