
Data Loss Prevention dictionaries

Email Security provides several dictionaries to use with Data Loss Prevention (DLP). You can use the dictionaries in combination with Message Rules to detect potentially high-risk data being stolen via email messages.

Note

The condition used in the rule needs to support dictionaries and can only be applied to the message body.

Tip

You can find an example of a message rule that uses Data Loss Prevention dictionaries under Creating a rule for placing emails with credit card numbers in a custom quarantine using DLP dictionaries.

The DLP dictionaries consist of Regular Expressions and keywords:

Dictionary

Description

Use with

AWS Keys (RegEx)

Format:

  • An access key ID (for example, AKIAIOSFODNN7EXAMPLE).

  • A secret key (for example wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY).

Pattern:

Either the key or the secret must be present.

AWS Keys (Keywords)

Azure DocumentDB Auth Key (RegEx)

Format:

The string DocumentDb followed by the characters and strings outlined in the pattern below.

Pattern:

  • The string DocumentDb.

  • Any combination of between 3 and 200 lower or uppercase letters, digits, symbols, special characters, or spaces.

  • A greater than symbol (>), an equal sign (=), a quotation mark ("), or an apostrophe (').

  • Any combination of 86 lower or uppercase letters, digits, forward slash (/), or plus sign (+).

  • Two equal signs (=).

Azure Publish Setting Password (RegEx)

Format:

The string userpwd= followed by an alphanumeric string.

Pattern:

  • The string userpwd=.

  • Any combination of 60 lowercase letters or digits.

  • A quotation mark (").

Azure Storage Account Key (RegEx)

Format:

The string DefaultEndpointsProtocol followed by the characters and strings outlined in the pattern below, including the string AccountKey.

Pattern:

  • The string DefaultEndpointsProtocol.

  • Up to two whitespace characters.

  • An equal sign (=).

  • Up to two whitespace characters.

  • Any combination of between 1 and 200 lower or uppercase letters, digits, symbols, special characters, or spaces.

  • The string AccountKey.

  • Up to two whitespace characters.

  • An equal sign (=).

  • Up to two whitespace characters.

  • Any combination of 86 characters that are lower or uppercase letters, digits, forward slash (/), or plus sign (+).

  • Two equal signs (=).
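The Azure DocumentDB Auth Key and Azure Storage Account Key patterns above can be checked against sample text before a rule is enabled. The following is an added example, not the product's own expressions: each regex fragment mirrors one bullet, and case-sensitive matching, the use of `.` for "any combination" of characters, and the function and variable names are assumptions.

```python
import re

KEY = r"[A-Za-z0-9/+]{86}=="   # 86 key characters, then two equal signs
ANY = r".{%d,200}?"            # assumption: any character except a newline
EQ = r"\s{0,2}=\s{0,2}"        # equal sign, up to two whitespace each side

# Reconstructed from the bullet lists; not the product's own expressions.
# Case-sensitive matching is an assumption.
DICTIONARIES = {
    "Azure Storage Account Key": re.compile(
        r"DefaultEndpointsProtocol" + EQ + ANY % 1 + r"AccountKey" + EQ + KEY
    ),
    "Azure DocumentDB Auth Key": re.compile(
        r"DocumentDb" + ANY % 3 + r"[>=\"']" + KEY
    ),
}


def matched_dictionaries(body: str) -> list[str]:
    """Return the names of the dictionaries whose pattern occurs in a message body."""
    return [name for name, rx in DICTIONARIES.items() if rx.search(body)]


# Constructed sample data: a fake key with the right shape, not a real secret.
FAKE_KEY = ("Abc123/+" * 11)[:86] + "=="
STORAGE_BODY = (
    "Config for the new app:\n"
    "DefaultEndpointsProtocol=https;AccountName=examplestore;"
    f"AccountKey={FAKE_KEY};EndpointSuffix=core.windows.net"
)
DOCDB_BODY = f'<add key="DocumentDbAuthKey" value="{FAKE_KEY}" />'
# One key character removed: 85 characters no longer satisfy the pattern.
SHORT_KEY_BODY = STORAGE_BODY.replace(FAKE_KEY, FAKE_KEY[1:])

if __name__ == "__main__":
    for label, body in [("storage", STORAGE_BODY), ("docdb", DOCDB_BODY),
                        ("short key", SHORT_KEY_BODY)]:
        print(label, "->", matched_dictionaries(body))
```

A key that is truncated, re-wrapped across lines, or padded with more than two spaces around the equal sign falls outside these patterns, which is worth knowing when judging what a rule built on them will and will not catch.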

Card Number (RegEx)

Format:

14 digits that can be formatted or unformatted (dddddddddddddd) and must pass the Luhn test.

Pattern:

A complex pattern that detects cards from all major brands worldwide, including Visa, MasterCard, Discover Card, JCB, American Express, gift cards, and diner cards.
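The Luhn requirement is what keeps arbitrary 14-digit strings (order references, timestamps) from matching. The following is an added example, not the product's own pattern: it finds formatted or unformatted 14-digit candidates and keeps only those that pass the Luhn test. The separator set (single spaces or hyphens), the function names and the sample message are assumptions.

```python
import re

DIGITS = 14  # length stated in the dictionary's Format field

# Assumption: digits may be separated by single spaces or hyphens, and a
# candidate must not be part of a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){%d}(?!\d)" % (DIGITS - 1))


def luhn_ok(digits: str) -> bool:
    """Luhn test: double every second digit from the right, sum, check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(body: str) -> list[str]:
    """Return the normalised digit strings in body that match and pass Luhn."""
    hits = []
    for m in CANDIDATE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


# Constructed sample message; the numbers are test values, not real card data.
SAMPLE_BODY = (
    "Order ref 20240115093042 shipped.\n"   # 14 digits, fails Luhn
    "Card: 3056-9309-0259-04 exp 12/29\n"   # formatted, passes Luhn
    "Alt: 30569309025904\n"                 # unformatted, passes Luhn
    "Typo: 30569309025905\n"                # last digit wrong, fails Luhn
)

if __name__ == "__main__":
    print(find_card_numbers(SAMPLE_BODY))
```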

Card Number (Keywords)

Date of Birth (RegEx)

Format: a date represented in a known UK or US format

Pattern: must include a prefix, Date of birth: or Birthday:.

Date of Birth (Keywords)

Email Address (RegEx)

Format: Must have a prefix, the asperand (@) symbol, and a domain. The domain needs to contain a dot (.), and an additional 2-3 characters at the end.

Pattern:

  • A prefix: letters, numbers, underscores, periods, and dashes. An underscore, period, or dash must be followed by one or more letters or numbers.

  • An asperand (@).

  • The domain: letters, numbers, dashes.

  • A dot (.).

  • An additional 2-3 characters.

International Banking Account Number, IBAN (RegEx)

Format:

Country code (two letters) plus check digits (two digits) plus BBAN number (up to 30 characters).

Pattern:

  • Two-digit country ISO code, two checksum digits, and a Basic Bank Account Number (BBAN).

  • All IBANs are digits only.

  • BBAN is broken down into:

    • b - National bank code.

    • c - Account number.

    • s - Branch code.

    • x - National check digit.

      Note

      The format for each country is slightly different. The IBAN sensitive information type covers these 60 countries: ad, ae, al, at, az, ba, be, bg, bh, ch, cr, cy, cz, de, dk, do, ee, es, fi, fo, fr, gb, ge, gi, gl, gr, hr, hu, ie, il, is, it, kw, kz, lb, li, lt, lu, lv, mc, md, me, mk, mr, mt, mu, nl, no, pl, pt, ro, rs, sa, se, si, sk, sm, tn, tr, vg

IP Address (RegEx)

Format:

  • IPv4: Complex pattern that accounts for formatted (periods) and unformatted (no periods) versions of the IPv4 addresses.

  • IPv6: Complex pattern that accounts for formatted IPv6 numbers (which include colons).

Pattern:

N/A

Password (RegEx)

Format:

The password must contain at least one lowercase character, one uppercase character, one digit, and one special character, and must be 8 to 14 characters long.

Pattern:

Must contain all of the following, in no particular order:

  • At least one digit [0-9]

  • At least one lowercase character [a-z]

  • At least one uppercase character [A-Z]

  • At least one special character [*.!@#$%^&(){}[]:;<>,.?/~_+-=|\]

  • At least 8 characters in length, but no more than 14

Password (Keywords)

SWIFT Code (RegEx)

Format:

Four letters followed by 5-31 letters or digits.

Pattern:

Four letters followed by 5-31 letters or digits:

  • Four-letter bank code (not case sensitive).

  • An optional space.

  • 4-28 letters or digits (the Basic Bank Account Number (BBAN)).

  • An optional space.

  • 1-3 letters or digits (remainder of the BBAN).

SWIFT Code (Keywords)