Policy Guide › Stopping Data Leaks to the Cloud › Applying Policy to HTTP Activity › Configure the User Policy

Configure the User Policy

To complete the network agent deployment, you must edit Data In Motion triggers and control actions in the user policy.

These triggers include settings that let you specify which types of document or data submission you want the network agent to detect. This section focuses on the key Data In Motion settings for the network agent.

Which File Sources?

In each Data In Motion trigger, this setting instructs the trigger to analyze files or documents captured by various CA DataMinder agents. Verify that the following agent is selected:

• Client Network Agent for File

  You must select this agent if you want to analyze data submitted to web sites, including files being uploaded to file sync websites such as DropBox.com.

Which Targets?

Note: Depending on the Which File Sources? setting, the Targets settings can specify lists of removable devices, printer names, network folders, URLs, or writable CD drives.

Use the Targets settings to define URLs that you want to monitor or exempt. You can specify lists of included or excluded URLs.

Type the URLs that you want to include or exclude. Use ? and * wildcards if required. If you set up the trigger to use:

• Included URLs, the trigger only fires if a user tries to submit data to a URL on the Included list. For example, add www.facebook.com to the Included list.
• Excluded URLs, these URLs are exempted from control by the network agent. But attempts to submit data to any other (unlisted) URL will fire the trigger.

Top Level File Lists

All Data In Motion triggers include Top Level File Lists. Use these lists to detect normal files or zip files, or files in network locations.

Edit these lists to identify the names of files that you want to apply policy to. For example, you can specify:

• * to analyze all files
• *.docx to analyze all .docx files
• A list of specific .zip files to analyze.

For each trigger, choose whether to use an Included, Excluded or Ignored file list.

Individual/Embedded File List

If required, Data In Motion triggers can look for files contained within a zip file or embedded in a master file. To do this, edit the Individual/Embedded File Lists. For each trigger, you can choose to use an Included or Excluded file list.

Using these lists in conjunction with the Top Level File Lists, you can feasibly search all .zip files for a specific file. For example, set Included Top Level Names to *.zip and Included Individual/Embedded File Names to *.doc to search for all .doc files contained within .zip files.

Intervention

In each Data In Motion control action, the Intervention setting determines how the network agent handles data submissions to web sites. The key supported options are Block and Categorize. The Block option prevents the user from submitting data or uploading a file.

Note: The network agent also supports None and No Further Actions intervention options.