SMX - How to create Smart rules

SMX - How to create Smart rules

Revisions
Revised by
Mike Migalbio
Nature of Update
Confirmed this is still active process
Date of Revision
13/10/2022

HOW TO:  

 How to create SMX smart rules


CUSTOMER DESCRIPTION

How can I set up SMX smart rules

 

ENVIRONMENT

 SMX


PROCESS

Creating Smart Rules

Creating a New Smart Rule

The general steps to create new SmartRules are:
1. Create/select a rule set.
2. Create new SmartRule within the rule set.
3. Populate your rule with Conditions and Actions.
4. Specify the domain (inbound) or mail server (outbound) the SmartRule will apply to.
5. Enable or disable the rule.

Detailed Instructions

1. To create your first rule, you need to create or select a rule set. Create a new rule set by clicking
the New Set icon. Name the new rule set and save.
2. With the rule set selected, add a new rule by clicking the New SmartRule button in the righthand
pane. Either create an Empty SmartRule to build from, or select one of the existing SMX
created System Rules from the drop-down menu, and click OK.
3. Name the rule (mandatory) and provide an optional description.
4. Depending on the base rule chosen, you are either presented with a blank rule (set with nothing
in the Conditions or Actions sections), or with populated Conditions and Actions sections.
Modify your rule as desired using the drag-and-drop Conditions or Actions icons from the
toolbar. Review and save the rule.
5. Enable a rule to activate it. New rules are disabled by default.

Conditions

Conditions are essentially IF Statements that determine the criteria that trigger a rule's Actions to occur.
When a Condition is met, the Actions are then executed.
Conditions can be based on the following elements:
The following are the description of the icons as shown in the order above:
  1. Sender: this is an email address
  2. Recipient: this is an email address
  3. Message Size: MB or KB
  4. Suspected Whaling
  5. Content (body): content text, images
  6. Attachments: content can be a text, an item in created list, pattern or a regular expression (regex). Attachment type or name can also be used to create a rule.
  7. Group Conditions: It operates as Boolean statements.
IF:
ALL = AND
ANY = OR
NONE = NOT ANY
NOT ALL = NOT AND

Wildcards and Case Sensitivity

Case sensitivity: Values in SmartRules are NOT case sensitive, except when using regular expressions
where the option to ‘ignore case’ is provided by a checkbox.
Whole word searches: Whole word searches apply when scanning for content matches within contains
section in Conditions. For example, content searches for the text string ‘straw’ will NOT be triggered by
the word’s straws or strawberry (shown below)


Wildcards: The wildcard character ‘*’ can be used in all searches including text strings, MIME file types
and regular expressions. For example (from image below), searches for the text straw* WILL be
triggered by the word’s straws or strawberries.


Regular Expressions

  1. Regular Expressions can be created in Attachment and Content section in a Condition.
  2. Regular Expressions are created in PCRE format. For further information on PCRE see: http://www.pcre.org/
  3. Matching of Regular Expression searches are case sensitive by default. The option to ‘ignore case’ is provided by a checkbox.


Actions

The following Actions can be applied to an email once the Conditions of a rule are met.

  1. CC, BCC: Deliver email to intended recipient and CC, BCC as specified.
  2. Redirect: Do NOT deliver email to intended recipient, redirect email as specified.
  3. Whitelist: Deliver email to recipient regardless of any spam or existing blacklist classification. This will not override a virus classification).
  4. Replace matched recipient domains: Deliver email to the intended recipient at an alternative email domain e.g. sarah@old_company_name.com --> sarah@new_company_name.com
  5. Replace Sender: Deliver email to the intended recipient and replace the original sender with a specified address in either the envelope or both headers and envelope.
  6. Send Notification: Send notification message (new email) to specified address, using a Content Template. Content Template must be created before the rule.
  7. Preamble: Appends a notification/warning to the email that triggered the rule.
  8. Append Footer: Add notification message to body of existing email, using a Content Template.
  9. Strip matched attachments: Remove only those attachments that meet the rule's Conditions and deliver email to intended recipient;
  10. Strip all attachments: Remove all attachments and deliver email to intended recipient.
  11. Stop ruleset processing: Apply no further rules within this rule set. Subsequent rules sets will still be applied.
  12. Refuse message: Do NOT deliver. Send notification message (new email) to specified address, using a Content Template.
  13. Quarantine: Quarantine a message according to Condition specified.
  14. Drop message: Do NOT deliver. Do not process. Take no additional action.
  15. Else: to implement Else Actions, when no rule Conditions are met, create another SmartRule within the same Rule Set, immediately below the associated rule. This additional rule is then subsequently applied, creating the equivalent of an Else action.

Nested Actions

Nested Actions are only available for Actions that involve matched Attachment or matched Recipient in
the Conditions of a rule.
Actions are nested so they will only run if the parent Action operates on a non-empty matched set (and
therefore actually does something).
For example, to send a notification message when an attachment has been stripped from an email, it is
necessary to nest the Notify Action. If un-nested, the notification would be actioned even though an
attachment was not actually removed from the email, sending incorrect information as a result.


Attachment Content Scanning

SmartRules® can be configured to scan the content of all email attachments for trigger words and
predefined patterns (such as credit card numbers and IP addresses). Regular expressions can also be
used in Conditions to define and detect patterns within attachments.
Attached files are checked against the Conditions of the rule, triggering the rules’ Actions when a match
is detected. The offending attachment/s, or all attachments, may be stripped from the message.
Attachment Content Conditions
Rules may include Any attachment, All attachments or a Number of attachments (n).
  1. Type: Attachment type must be entered in MIME type format e.g. application/pdf, text/html,text/*
  2. Contains: Email attachment contents can be scanned for text, list items, system list items,patterns and regular expressions.
Case sensitivity: Content searches are not case sensitive, except when using regular expressions
where the option to ‘ignore case’ is provided by a checkbox.
Whole word searches: Whole word searches apply when scanning for content matches. For example,
content searches for the text string straw will NOT be triggered by the word’s straws or strawberry.
Wildcards: The wildcard character ‘*’ can be used in all search condition including text strings, MIME
file types and regular expressions. For example, searches for the text straw* WILL be triggered by the
word’s straws or strawberries.

Managing Rules

  1. Rules and rule sets are processed in the order they are listed in the SmartRules Editor.
  2. New rules are disabled by default - remember to enable a rule to activate it.
  3. Rules can be enabled or disabled from within the rule editor.
  4. To delete a rule – select the rule set containing the rule, select the rule then click the Remove SmartRule in the right-hand pane. A dialog box appears to confirm the delete.

Changing Rule Processing Order

1. Highlight the Rule or Rule Set
2. Drag-and-drop the rule by holding the mouse pointer down on the double arrow and
moving up or down symbol
The new processing order update is automatically applied to all future email traffic.
Below is an example of changing the rule order:
Before:

After:


Help

The Help section within the SmartRules DLP tab can be used as a quick reference guide, however this
document concisely covers information on SmartRules DLP.

 

EST. TIME TO RESOLUTION

 



    • Related Articles

    • SMX - Maintaining content in Smart Rules

      Revisions Revised by Mike Migalbio Nature of Update Confirmed this is still active process Date of Revision 25/10/2022 HOW TO: SMX - Maintaining content in Smart Rules CUSTOMER DESCRIPTION How do we create templates for Smart rules ENVIRONMENT SMX ​ ...
    • SMX - Smart Rules Basic Concepts

      Revisions Revised by Mike Migalbio Nature of Update Confirmed this is still active process Date of Revision 25/10/2022 HOW TO: Smart Rules Basic Concepts CUSTOMER DESCRIPTION Basic Concepts required for SMX ENVIRONMENT SMX PROCESS Basic SmartRules® ...
    • SMX -How to set up SMX Outbound Smart Rules

      Revisions Revised by Mike Migalbio Nature of Update Confirmed this is still active process Date of Revision 25/10/2022 HOW TO: How to set up SMX Outbound Rules  CUSTOMER DESCRIPTION How can I set up outbound smart rules   ENVIRONMENT SMX  PROCESS ...
    • SMX- How to set up Inbound Smart Rules

      Revisions Revised by Mike Migalbio Nature of Update Confirmed this is still active process Date of Revision 25/10/2022 HOW TO: SMX- How to set up Inbound Smart Rules CUSTOMER DESCRIPTION How do I set up inbound SMX rules   ENVIRONMENT SMX PROCESS ...
    • SMX - How to set up Whaling Protection Rule

      Revisions Revised by Mike Migalbio Nature of Update Confirmed this is still active process Date of Revision 25/10/2022 HOW TO: How to set up Whaling Protection Rule CUSTOMER DESCRIPTION Assistance in setting up whaling for our customer ENVIRONMENT ...