Secure Internet and SaaS Access (ZIA)
Adding DLP Resources
Adding Data Loss Prevention (DLP) resources is the first step you complete when configuring Endpoint Data Loss Prevention (DLP) policy rules. The Zscaler service supports the following DLP resources:
- Network shares
- Printers
- Removable storage
The Zscaler service automatically supports Box, Dropbox, Google Drive, iCloud for macOS, and OneDrive personal cloud storage accounts. No extra configuration is available for those services as DLP resources.
When you add DLP resources, you can then use them to create Endpoint DLP policy rules to monitor and take action on sensitive data. Additionally, you can create restrictive Endpoint DLP rules (i.e., block all users from printing sensitive data), and then you can add rule exceptions that allow users or groups in your organization to perform tasks that might otherwise violate restrictive rules.
For example, your organization has an Endpoint DLP policy that blocks all users from saving sensitive data to removable storage devices. However, you have a banking customer that can't access files outside their corporate intranet. As a result, users in your Finance Department share Excel files that contain sensitive data with the customer via a set of USB flash drives. In that case, you can use specific identifiers to create a DLP resource for each of the flash drives that move between your Finance Department and the banking customer, and then you can create a rule exception that allows users in your Finance department to save Excel files to those specific flash drives.
To learn more, see Configuring Endpoint DLP Policy Rules.
You can use the following methods to DLP resources:
- Add a single DLP resource
- Go to Administration > DLP Resources.
- On the DLP Resources page:
- Add a network share
- Click Add Network Share.
The Add Network Share window is displayed. - In the Add Network Share window:
- Enter the following Network Share Details:
- Name: The name of the network share
- Server Name: The server name where the network share is located (e.g., the server's IP address)
- (Optional) Description: A description of the network share
- Select one of the following Directories attributes:
- All files and directories on this server: Select this option if you want to include all files and directories on the specified server.
- Files in the following directories and subdirectories: Select this option if you want to specify the directories and subdirectories to be included. If you select this option, the Directory Paths field is displayed. Add paths (e.g.,
/<folder>/<subfolder>) separated by line breaks, then click Add Items.
- Enter the following Network Share Details:
- Click Add.
- Click Add Network Share.
- Add a network printer
On the Printers page, you can do the following:
- Click Add Printer. The Add Network Printer window is displayed.
- In the Add Network Share window:
- Name: Enter a name for the network printer.
- Domain: Enter the name of the domain where the printer is located.
- Printer Name: Enter the name of the printer as it appears in the operating system list of printers.
- IP Address: Enter the IP address for the network printer.
- (Optional) Description: Enter a description for the network printer.
- Click Add.
- Add a removable storage device
On the Removable Storage page, you can do the following:
- Click Add a Removable Storage device. The Add Removable Storage window is displayed.
- In the Add Removable Storage window:
- Enter the following Removable Storage Details:
- Name: The name of the removable storage device
- (Optional) Description: A description of the removable storage device
- Enter at least one of the following Criteria for the device:
- Vendor ID: The manufacturer of the removable storage device
- Product ID: The product ID of the removable storage device
- Serial Number: The serial number of the removable storage device
- Enter the following Removable Storage Details:
- Click Add.
- Add a network share
- Activate your changes.
- Import multiple DLP resources
You can import multiple resources at the same time using a CSV file. There is a sample template available to download for each resource type.
To import multiple DLP resources:
- Go to Administration > DLP Resources.
- On the DLP Resources page:
- Import network shares
- Click Import Network Shares.
The CSV Import - Network Shares window is displayed. - Click Download csv template to download the import network shares template.
- Enter your network shares in the CSV file tempate in the following format:
<name>,<description>,<server name>,<paths>
For example:
Network share 1,imported network drive,Server 3234,"path1,path2,path3,path4,path5,path6,path7,path8"
- After you have the CSV file saved in the correct format, click Choose a file.
- Browse and select the CSV file you want to import, then click Open.
- Click Next.
- In the Preview pane, confirm the details of the network shares you are importing.
- (Optional) Add the network shares to a group:
- Click Add the imported resources to a group.
- To add the resources to a new group, click New Group, then specify a name and description for the group.
- To add the resources to an existing group, click Existing Group, then select a group from the Select Group drop-down menu.
- Click Import.
See image.
The network shares appear in the list in the Network Shares window.
- Click Import Network Shares.
- Import network printers
- Click Import Printers.
The CSV Import - Printers window is displayed. - Click Download csv template to download the import network printers template.
- Enter your network shares in the CSV file tempate in the following format:
<name>,<description>,<UNC>,<IP address>,<domain>
For example:
Printer1,Printer outside Conference Room 1,blr/resources/folder1,1.1.1.1,printer.safemarch.com
- After you have the CSV file saved in the correct format, click Choose a file.
- Browse and select the CSV file you want to import, then click Open.
- Click Next.
- In the Preview pane, confirm the details of the network printers you are importing.
- (Optional) Add the printers to a group:
- Click Add the imported resources to a group.
- To add the resources to a new group, click New Group, then specify a name and description for the group.
- To add the resources to an existing group, click Existing Group, then select a group from the Select Group drop-down menu.
- Click Import.
See image.
The network printers appear in the list in the Printers window.
- Click Import Printers.
- Import removable storage devices
On the Removable Storages page, you can do the following:
- Click Import Removable Storages.
The CSV Import - Removable Storages window is displayed. - Click Download csv template to download the import removable storages template.
- Enter your removable storages in the CSV file tempate in the following format:
<name>,<description>,<vendor ID>,<product ID>,<serial number>
For example:
Finance Department 1,Thumb drive for use by the Finance Deparment,11029,11926,59695
- After you have the CSV file saved in the correct format, click Choose a file.
- Browse and select the CSV file you want to import, then click Open.
- Click Next.
- In the Preview pane, confirm the details of the removable storage devices you are importing.
- (Optional) Add the removable storage devices to a group:
- Click Add the imported resources to a group.
- To add the resources to a new group, click New Group, then specify a name and description for the group.
- To add the resources to an existing group, click Existing Group, then select a group from the Select Group drop-down menu.
- Click Import.
See image.
The removable storage devices appear in the list in the Removable Storages window.
- Click Import Removable Storages.
- Import network shares
- Activate your changes.
