XML Attribute Lookup Examples

Policy Guide › Data Lookup › XML Attribute Lookup › XML Attribute Lookup Examples

XML Attribute Lookup Examples

These examples illustrate the various operator combinations in XML Attribute lookup commands.

Detecting Email X-headers

The example below detects emails containing an x-header named 'x-vpm-state'
```
xmlattr WHERE apm/event/email/header/item[@name='x-vpm-state'] IS "*" 
```
The example below detects emails containing an x-header named 'x-vpm-state' where the x-header value is set to 'sensitive'.
```
xmlattr WHERE apm/event/email/header/item[@name='x-vpm-state'] IS "sensitive" 
```
The example below detects emails containing an x-header named 'x-vpm-state' where the x-header value is set to 'public, and excludes these emails from policy processing. That is, the trigger does not fire.
```
NOT (xmlattr WHERE apm/event/email/header/item[@name='x-vpm-state'] IS "public")
```

Detecting File Attributes

The example below detects all imported files smaller than 10 KB. Note that the file size attribute is measured in bytes, not KB.
```
xmlattr WHERE apm/event/file/size < 10240
```
The example below tests the path attribute to detect all files imported from the \Tips folder on the machine UX-RIMMEL:
```
xmlattr WHERE apm/event/file/path IS "\\UX-RIMMEL\Personal\Tips"
```
Note: You do not need to specify a UNC path. You can also specify a local drive path if your policy engine is running on the same machine as the source folder.
The example below detects all imported files that were modified between 21 and 25 May 2007:
```
xmlattr WHERE (apm/event/file/modified >= "2007-05-21") AND (apm/event/file/modified < "2007-05-26")
```
Note: All date and time metadata is stored in UTC (Coordinated Universal Time) on the CMS. Your xmlattr lookup commands must therefore specify UTC dates and times.
Many files, particularly Microsoft Word documents, include an Author property. CA DataMinder always attempts to identify and store this as an attribute in the file event’s metadata. This example detects all files where the author name includes the strings Rimmel or Steel:
```
xmlattr WHERE apm/event/file/author CONTAINS ANY {"Rimmel","Steel"}
```
The example below checks the 'Security' property in Microsoft Word documents. This property is in the 'Custom' property set. Here, the xmlattr lookup command detects documents that are not marked as 'Confidential':
```
WHERE apm/event/file/property_set[@name="Custom"]/property[@name="Security"] IS NOT "Confidential"
```
The example below uses a WITH statement to check the 'Security' and 'Status' properties in Microsoft Word documents. Status, like Security in the previous example, belongs to the 'Custom' property set.
Here, the xmlattr lookup command detects documents marked as 'Confidential' and whose status is 'Approved':
```
WITH apm/event/file/property_set[@name="Custom"] WHERE ([property@name="Security"] IS "Confidential") AND ([property@name="Status"] IS "Approved")
```
The example below example simply checks whether a 'Custom' or 'Version' property set is defined in the XML metadata:
```
WHERE apm/event/file/property_set/@name IS ANY {"Custom","Version"}
```

More information:

XML Attribute Lookup Syntax

XML Metadata Examples