Adding Custom DLP Dictionaries
Adding a custom Data Loss Prevention (DLP) dictionary is one of the tasks you can complete when configuring DLP policy rules. To learn more, see Configuring DLP Policy Rules with Content Inspection.
For each custom dictionary, you can add Exact Data Match (EDM) index templates, Indexed Document Match (IDM) index templates, Microsoft Information Protection (MIP) labels, or custom phrases and alphanumeric patterns. These represent the content that you want to protect and that the dictionary detects.
To learn more about the ranges and limitations for custom DLP dictionaries, see Ranges & Limitations.
To add a custom DLP dictionary:
- Go to Policies > Data Protection > Common Resources > Dictionaries & Engines.
- Click Add DLP Dictionary.
  The Add DLP Dictionary window appears.
- In the Add DLP Dictionary window:
- Name: Enter a name for the dictionary.
- Dictionary Type: Select a type from the drop-down menu.
  - Exact Data Match: If selected, the Exact Data Match section appears below, where you can select existing EDM templates and add data fields from those templates. To learn more, see Creating an Exact Data Match Template and Defining Exact Data Match Fields for Custom DLP Dictionaries.
  - Indexed Document Match: If selected, the Indexed Document Match section appears below, where you can select existing IDM templates and choose match accuracy levels for those templates. To learn more, see Creating an Indexed Document Match Template and Defining IDM Match Accuracy for Custom DLP Dictionaries.
  - Microsoft Information Protection (MIP): If selected, the MIP labels appear in the table below, where you can select the labels to add. To learn more, see Adding a MIP Account and Defining Microsoft Protection Labels for Custom DLP Dictionaries.
  - Patterns & Phrases: If selected, the Patterns and Phrases sections appear below, where you can add patterns and phrases and apply actions to them. To match Unicode phrases from the Phrases list even when they are adjacent to other characters with no delimiter in between, select the Non-delimited Unicode Phrase matching checkbox. For example, the phrase “クレジットカード” matches “クレジットカードのコピーをください”. Matches happen even when no spaces are detected. To learn more, see Defining Patterns for Custom DLP Dictionaries and Defining Phrases for Custom DLP Dictionaries.
- Match On: This is only applicable if you select Microsoft Information Protection (MIP) as the Dictionary Type. Enter a search term to find an MIP label to add to the custom dictionary.
- Match Type: This is only applicable if you are configuring a Patterns & Phrases type dictionary. Select a Match Type from the drop-down menu to configure how the dictionary triggers when matching patterns and phrases.
  - Match Any: This is the default setting. If selected, the dictionary triggers when a transaction matches any one of the dictionary’s patterns or phrases.
  - Match All: If selected, the dictionary triggers when a transaction matches all of the dictionary’s patterns and phrases.
  - Match Any Patterns and Any Phrases: If selected, the dictionary triggers when a transaction matches any one of the dictionary's patterns and any one of the dictionary's phrases. This option requires at least one phrase and one pattern to match.
- Description: (Optional) Enter a description for the dictionary.
- Enable Proximity: This is only applicable if you select Match Any Patterns and Any Phrases as the Match Type. You can enable proximity to define how close a phrase must be to an instance of a pattern to count as a match.
- Proximity Length: Defines how close a phrase must be to an instance of the pattern (that the dictionary detects) to count as a match. The phrase can be located in any direction from the pattern within the document. Enter a value from 0–10,000 bytes. A proximity length of 0 disables this option (i.e., the phrase can be any distance from the pattern).
- Click Save and activate the change.
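The Match Type and Proximity Length settings above, modelled as an added Python example for predicting when a Patterns & Phrases dictionary triggers on test content. This is not Zscaler code: the function and constant names, the plain-substring phrase search, and measuring distance as the UTF-8 byte gap between the nearest edges of the two matches are assumptions.

```python
import re

MATCH_ANY, MATCH_ALL, MATCH_ANY_PAT_AND_PHR = "any", "all", "any_pattern_and_any_phrase"

def _gap(a, b):
    """Bytes between two (start, end) spans; 0 if they touch or overlap."""
    return max(0, a[0] - b[1], b[0] - a[1])

def dictionary_triggers(text, patterns, phrases, match_type=MATCH_ANY, proximity=0):
    """Model (assumed semantics) of Match Type and Proximity Length.

    patterns: list of bytes regexes; phrases: list of str, searched as
    plain substrings, so no delimiter is required around a phrase.
    """
    if not 0 <= proximity <= 10_000:
        raise ValueError("Proximity Length must be 0-10,000 bytes")
    data = text.encode("utf-8")  # proximity is configured in bytes, not characters
    pat_hits = [[m.span() for m in re.finditer(p, data)] for p in patterns]
    phr_hits = [[m.span() for m in re.finditer(re.escape(p.encode("utf-8")), data)]
                for p in phrases]
    every = pat_hits + phr_hits
    if match_type == MATCH_ANY:
        return any(every)                 # one pattern OR one phrase is enough
    if match_type == MATCH_ALL:
        return bool(every) and all(every)  # every pattern AND every phrase
    if match_type == MATCH_ANY_PAT_AND_PHR:
        pats = [s for hits in pat_hits for s in hits]
        phrs = [s for hits in phr_hits for s in hits]
        if not pats or not phrs:
            return False   # needs at least one pattern match and one phrase match
        if proximity == 0:
            return True    # 0 disables proximity: any distance counts
        # The phrase may sit before or after the pattern.
        return any(_gap(a, b) <= proximity for a in pats for b in phrs)
    raise ValueError(f"unknown match type: {match_type}")

# Constructed sample data (not from the vendor documentation).
CARD = rb"\d{4}(?:-\d{4}){3}"
EN = "card number 4111-1111-1111-1111"
# Ten filler characters, but 30 bytes in UTF-8.
JA = "クレジットカード" + "の" * 10 + "4111-1111-1111-1111"
```

With the constructed `JA` sample, a Proximity Length of 20 does not trigger even though the phrase and the number are only ten characters apart, which is worth keeping in mind when sizing proximity for multi-byte scripts.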
You can also edit or clone the predefined dictionaries Zscaler provides. Any combination of cloned, predefined, and custom dictionaries can be added to a DLP engine, which is what you must reference when creating DLP policies. To learn more, see About DLP Engines.