icon-unified.svg
Experience Center

Editing Predefined DLP Engines

The Zscaler service provides 5 predefined DLP engines:

  • HIPAA: This engine is designed to detect Health Insurance Portability and Accountability Act (HIPAA) violations, using the Social Security Numbers (US) and Medical Information dictionaries.
  • GLBA: This engine is designed to detect violations of the Gramm-Leach-Bliley Act (GLBA), using the Social Security Numbers (US) and Financial Statements dictionaries.
  • PCI: This engine is designed to detect Payment Card Industry (PCI) compliance violations, using the Credit Cards and Social Security Numbers (US) dictionaries.
  • Offensive Language: This engine is designed to detect offensive language, using the Adult Content dictionary.
  • Self-Harm & Cyberbullying: This engine is designed to detect violations of student safety, using the Self-Harm & Cyberbullying dictionary.

The Self-Harm & Cyberbullying engine is intended for use by K-12 educators. If you’re an educator, contact your Zscaler Account team to enable this feature.

You can edit a predefined DLP engine to detect content that is relevant to your organization. To edit a predefined DLP engine:

  1. Go to Policies > Data Protection > Common Resources > Dictionaries & Engines > DLP Engines.
  2. Click the Edit icon for the predefined DLP engine.

The Edit DLP Engine window appears.

  1. For Engine Builder: Add operators and DLP dictionaries to build an expression. You can see your expression in the Expression Preview.

Under Expression:

  1. Select an operator to build your expression. The operators include All (AND), Any (OR), Exclude (AND NOT), and Sum. The Sum operator is available for count-based DLP dictionaries (i.e., Credit Cards, Social Security Numbers, etc.) and allows you to specify the sum total of matches that trigger a group of dictionaries specified in the DLP engine.

For the root expression, only the All (AND), Any (OR), and Sum operators are allowed.

  1. Click Add to add a Dictionary or a Subexpression. Click the Remove icon () to delete dictionaries or subexpressions.
  • If you use the Sum operator, select two or more predefined or custom DLP dictionaries. You must set a value for the match count. You can enter any value less than 1,000.
  • If you use the All, Any, or Exclude operators, you must select a predefined or custom DLP dictionary. Certain dictionaries require you to set a value for the match count. You can enter any value less than 1,000.
  • If you click Subexpression, you must select an operator. The operators include All (AND), Any (OR), Exclude (AND NOT), and Sum. The Sum operator is available for count-based DLP dictionaries (i.e., Credit Cards, Social Security Numbers, etc.) and allows you to specify the sum total of matches that trigger a group of dictionaries specified in the subexpression.

You can use the Sum operator as part of a subexpression; however, you cannot add a subexpression to an expression or subexpression that uses the Sum operator.

  1. Continue adding dictionaries and operators to the expression as needed. At each level, you can create up to 4 subexpressions, use up to 4 operators, and add up to 16 dictionaries per operator.
  2. Click Save and activate the change.

You can also add a custom DLP engine. To learn more, see Adding Custom DLP Engines.

Related Articles
About DLP DictionariesUnderstanding Predefined DLP DictionariesEditing Predefined DLP DictionariesCloning Predefined DLP DictionariesAdding Custom DLP DictionariesDefining Patterns for Custom DLP DictionariesDefining Phrases for Custom DLP DictionariesDefining Microsoft Information Protection Labels for Custom DLP DictionariesAbout DLP EnginesUnderstanding DLP EnginesEditing Predefined DLP EnginesAdding Custom DLP EnginesCloning DLP Engines