I need a solution
The CCI filter is picking up driver versions as CCI even when it performs the Luhn test. I have confirmed that these are false positives coming from an endpoint manager going to the endpoint but I am having trouble exluding these events from the DLP filter. The event has the following info:
<DriverVerVersion>16-digit string</DriverVerVersion>
I would like to create a regex that says if 16-digits has <DriverVerVersion> before and/or </DriverVerVersion> after, exclude. However, I am not sure where I would apply it since the regex feature seems to be telling DLP to look for things, not exclude them.
Is there a setting I am missing or an expression that I could use somewhere to exclude these events? Thanks.
0