Introduction
Clipboard Content Sharing rules are essential for establishing a robust Data Loss Prevention (DLP) strategy. You can use these rules to effectively monitor and control the flow of sensitive data that is copied from secure applications or sites, such as a CRM is not pasted into unauthorized apps or websites.
Rule Walkthrough
The example below uses a Clipboard rule to detect and record instances when data is copied from a CRM and pasted into unauthorized external domains.
Setting Up the Rule
General Settings
1. Assign a Rule Name. For example, “Record copy/paste outside domain”.
2. Select a Parent Policy. For example, “Admin Policy”.
3. Select “Content Sharing” for Rule Type.
4. Select “Clipboard” under Select the type of contents.
Helpful Resources:
Employees
5. Turn off the Inherit targets from Parent Policy option to manually select the rule's targets. Then, select employees, departments and/or computers for the rules target from the Assign to field. In this case, we selected a department named "Sales".
6. Alternatively, you can keep the Inherit targets from Parent Policy option turned on to use the policy’s default targets.
7. Optionally, you can exclude targets in the Exclude from rule field.
Helpful Resources:
Content
8. A default definition block, "Definition 1," should already be added to the rule. Configure the definition as follows:
Definition 1
9. Select "Clipboard Origin" for Type of sensitive data.
10. Select "Webpage URL" under Sensitive data to detect.
11. In the field below, enter the webpage URLs where you want to detect the clipboard copy operation (origin of the clipboard). For example, "teramind.lightning.force.com". Then, select the Contains condition.
Helpful Resources:
Clipboard
12. A default condition block, "Condition 1," should already be added to the rule. Configure the condition as follows:
Condition 1
13. Add the Webpage url criterion by clicking the +Add button.
14. In the Except field, enter the destination webpage URLs you wish to allow the paste operation to. Enter each URL individually (e.g., "teramind.lightning.force.com", "teramind.com"), and then select the Contains condition for each entry.
Helpful Resources:
Actions
15. Select the Record action.
16. Specify the time window for recording by entering the appropriate values in the Minutes before violation and Minutes after violation fields.
Help Reference:
Rationale for the Rule
The clipboard is a primary vector for accidental or malicious data leakage, necessitating granular control over the data flow between authorized and unauthorized domains.
This rule leverages precise detection conditions to establish a virtual data boundary and automatically record the violation of the incident:
Detection (Origin): The rule uses a Clipboard Origin content definition targeting the Webpage URL. By specifying an internal application URL (e.g.,
teramind.lightning.force.com), the rule is activated only when a copy operation occurs within this specific secure source.Enforcement (Destination): The subsequent Clipboard condition block uses the Webpage URL criterion paired with the Except field to whitelist approved destination domains (e.g., the origin URL itself and
teramind.com) for the paste operation. The rule is thus triggered if the copied content is pasted into any other destination URLs that are not on the approved list.Action: The Record action initiates a detailed screen video recording, providing security teams with crucial forensic data of the attempted incident. Use this action to capture evidence even when continuous screen recording is disabled.