Deployment GuideContent Registration › Creating Content Agents

Previous Topic: Using Content Agents to Detect Spreadsheets

Next Topic: What Level of Accuracy Do I Need?

Creating Content Agents

Creating a fully functional content agent is a multi step process. These steps are described below.

To create a content agent

  1. In the Administration console, expand the Content Registration branch.
  2. Right-click the Agents folder and choose Create Content Agent.
  3. In the Select Agent Index Type dialog, choose the agent type:
    File Detection

    These content agents can detect protected files in their entirety. For example, if a user attaches a protected file, wholly unchanged, to an email or copies it to a USB drive, the content agent detects it.

    Text Detection

    These content agents can detect emails or files containing text copied from, or based on, a protected document. There are two aspects to these agents.

    First, you can specify how much detail is stored in each document fingerprint. This affects the size of the content index associated with the agent.

    Second, you can specify how sensitive the agent is when checking suspected emails or documents for protected content.

    (Optional) You can designate a Text Detection agent as one created explicitly to reduce the number of false positives when used in conjunction with an ordinary content agent. For details, see Supplementary Content Agents to Reduce False Positives.

  4. In the Agent Properties dialog, supply the following details:
    General tab

    Specify the agent name and description and the Index Builder Machine. This can be any server on your network hosting the CA DLP File Scanning Agent.

    (Optional. Text Detection agents only) Specify subsidary agents to reduce the number of false positives. These agents identify and exclude from processing text extracts that are deemed benign or acceptable, such as corporate disclaimers.

    Filter tab

    (Optional) Specify the folder and file options, such as whether to fingerprint hidden files or files in subfolders.

    Build tab

    (Text Detection agents only) Specify how much detail is stored in the fingerprint of a protected document. The more detailed the fingerprint, the more reliably an agent can recognize content originating from that document. However, a content index containing highly detailed fingerprints can be very large indeed.

    For details, see What Level of Accuracy Do I Need?

    Evaluation tab

    (Text Detection agents only) Specify how sensitive the agent is to the loss, or potential loss, of protected files and documents. There are two methods for specifying the agent's sensitivity:

    • The agent can check for variants of protected documents or documents that closely resemble a protected document.
    • Alternatively, the agent can check for extracts copied word for word from a protected document. You can specify the minimum size of these extracts.

To add folders and files that you want to protect

After creating a content agent, you must specify which folders and files it will protect.

  1. In the Administration console, expand the Content Registration branch.
  2. Right-click the agent and choose Add Location.
  3. In the Add Location dialog, browse to the folders and files you want to protect.

    Note: CA DLP can fingerprint files contained within zipped files.

To build a content index

See 'Managing Content Indexes' for details.

To publish a content agent

After building your content index, you must publish the content agent.

  1. Select the agent in the Content Registration screen.
  2. Click the Publish content agent button Publish button.

To set up a content agent trigger

After setting up your content agents and building the content indexes, you must assign the agents to triggers in your user policies. These triggers fire when they detect a file that matches a fingerprint in the content agent's index.

You also need to give these triggers distinctive names and, typically, an appropriate policy class. This enables reviewers to easily search for fingerprinted files captured or blocked by CA DLP.

  1. In the Administration console, right-click a user or group and choose Edit Policy.
  2. In the User Policy Editor, select the trigger you want.

    For email and Web triggers, you can only assign content agents to a Content Agent trigger.

    For Data In Motion and Data At Rest triggers, you can assign content agents to any trigger.

  3. (Data In Motion triggers and Data At Rest triggers only) Edit the Use Content Agents For Files? trigger setting. Set this to 'Use content agents to analyze text content'.
  4. Edit the Which Content Agents? trigger setting and add the content agents that you want to associate with this trigger.
  5. Edit the Trigger Name and Policy Class settings as required.

    Reviewers will search for 'fingerprint events' using these trigger names and policy classes.

More information:

Managing Content Indexes