Set up a Google DLP alert every time a document that contains sensitive information is shared outside your G Suite domain.
An alert is sent if the regex matches a newly shared out file (Google types only)
Open GAT+ navigate to Alert rules under the Configuration tab
Click on the + sign and a new window will be displayed, fill in the details and click and Save.
Set up a Name for the rule
Set the checkmark to Enabled
Set the Type to Drive
Choose the scope whom will be affected by this alert rule
- It can be a user, group or org.unit
Pick and select the Recipient it can be a local user from the domain or it can be custom one.
Alert is sent if the regex matches a newly shared out file (Google types only)
Enter the name for the Regex and the actual Regex pattern
When Notify user selected a new window will be displayed where a message can be sent to users.
When Remove shares the alert will automatically remove the shares once it detects the regex pattern and shared out condition.
For this example we use regex patterns for detecting:
- US SSN Entered – \b(?!000)(?!666)([0-6]\d{2}|7([0-356]\d|7[012]))[- ]?(?!00)\d{2}[- ]?(?!0000)\d{4}\b
- Credit Card Number – /\b(1800|2131|30[0-5]\d|3[4-7]\d{2}|4\d{3}|5[0-5]\d{2}|6011|6[2357]\d{2})[- ]?(\d{4}[- ]?\d{4}[- ]?\d{4}|\d{6}[- ]?\d{5})\b/gi
- Homophobic language used – (\W|)([Tt]ranny)|([Dd]yke)|(poof)|(poofter)|(fag)|(faggot)|(queer)|(lesbo)|(bugger)|(girlyboy)|(nancyboy)|(rent boy).*?(\W$)
Use any other Regex examples for your needs.
Click on save to activate the rule.
When the rule is created it can be found in the Alert rules under the configuration.
It can be viewed (eye icon), edited (pen icon) or deleted from the (x button).