Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Using Cloud App Security to detect Social Security Numbers in Office365

$
0
0

So after reading a fellow Norwegian MVP Jan Vidar writing a blog post about using Azure IP and RMS to automatic classify content based upon containing a Norwegian Nation ID number. I decided to build upon that post, and how we can use Microsoft Cloud App Security to do content inspection on files in Office365 to detect the presense of these types of numbers in files.

Jan Vidar goes a good job explaning how the Norwegian Nation ID number is built up > https://gotoguy.blog/2016/11/25/protecting-norwegian-national-id-number-with-azure-information-protection-and-rms/ and for RMS he also uses RegEx to detect these kind of numbers since they have a specific sequence and how it is built up.

Now Cloud App Security which I have blogged about earlier has an option to connect to Office365 to do content inspection http://msandbu.org/microsoft-cloud-app-security-integrating-with-office365/

So to ensure this is going to work I typed in a bogus nation ID number in a work documented contained in a Onedrive for Buisness for a specific user.


Using Cloud App Security to detect Social Security Numbers in Office365

Then I needed to create a content inspection policy.


Using Cloud App Security to detect Social Security Numbers in Office365

So first we need to create a new file policy.


Using Cloud App Security to detect Social Security Numbers in Office365

So I give it a name, specify where the policy is going to be applied which is OneDrive for buisness and that it applies to all files.


Using Cloud App Security to detect Social Security Numbers in Office365

Then I enabled content inspection and specified that I needed to use a regular expression. For some reason I couldn’t use the same regex that Jan Vidar had so I needed to create a new one.

\b(?:0[1-9]|[12]\d|3[01])(?:[04][1-9]|[15][0-2])\d{7}\b

(This site http://regexr.com/ is a life saver!)¨


Using Cloud App Security to detect Social Security Numbers in Office365

Then I just specify that it should create an alert for each matching file detected. Now depending on the amount of files in the OneDrive structure or the users it might take some time, but go into Investigate > Files


Using Cloud App Security to detect Social Security Numbers in Office365

Now eventually you can see the file appearing in the list, if you open the file you can see that it matched the policy “Social Security number” and scan complete which states that the policy has finished inspecting the content.


Using Cloud App Security to detect Social Security Numbers in Office365

It now appears in the Alerting pane based upon the policy.


Using Cloud App Security to detect Social Security Numbers in Office365

So from within the alerting pane I can for instance put the user in quarantine or open up the document to double check if the content is actually valid.


Using Cloud App Security to detect Social Security Numbers in Office365

Viewing all articles
Browse latest Browse all 12749

Trending Articles