> ## Documentation Index
> Fetch the complete documentation index at: https://docs.repacket.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Rules

> Apply advanced controls to safeguard sensitive data

## Overview

The Data Loss Prevention (DLP) feature provides advanced controls to safeguard sensititive data online. Repacket recognizes sensitive data being uploaded to <Tooltip tip="Unapproved platforms are considered to be anything targeted by your Repacket rules.">unapproved platforms</Tooltip> and blocks it.

Today, Repacket enables organizations to detect and take action on a wide variety of sensitive data types.

<CardGroup cols={2}>
  <Card title="Personal Health Info (PHI)" icon="house-medical" color="#07edb5">
    Check employee uploads for any combination of PHI, and block it.
  </Card>

  <Card title="Personal Identifiable Info (PII)" icon="id-card" color="#07edb5">
    Identify any level of PII in uploads, from basic information to SSNs.
  </Card>

  <Card title="Sensitive Financial Info (PCI/CFI)" icon="money-bill-wave" color="#07edb5">
    Repacket can recognize cardholder information and other sensitive corporate financial info.
  </Card>

  <Card title="Everything Else" icon="sparkles" color="#07edb5">
    Use Repacket to protect sensitive information of any kind - trade secrets, ITAR/EAR data, CUI, and more.
  </Card>
</CardGroup>

## How It Works

The DLP system operates by analyzing traffic based on the configured rules and applying specified actions when sensitive data is detected. Rules can be tailored to specific applications, users, and analysis types.

<Frame>
  <img src="https://mintcdn.com/repacket/eMq1cOxZFGZakRWs/images/dlp-rule-form.png?fit=max&auto=format&n=eMq1cOxZFGZakRWs&q=85&s=eec94156d85dd33023e0d0f4b5edc957" alt="DLP rule form configuration" width="1976" height="2548" data-path="images/dlp-rule-form.png" />
</Frame>

## Creating DLP Rules

<Steps>
  <Step title="Navigate to DLP Settings">
    Go to the [Data Loss Prevention](https://app.repacket.com/dlp) section in your Repacket dashboard.
  </Step>

  <Step title="Create a new rule">
    Click the "Create new rule" button in the top right corner.
  </Step>

  <Step title="Name your rule">
    Give your rule a descriptive name (e.g., "Block Healthcare Upload to ChatGPT").
  </Step>

  <Step title="Select matching rules">
    Select what traffic properties or [categories](/config/categories) this should apply to.
  </Step>

  <Step title="(Optional) Select specific users">
    Select users that this rule should or shouldn't apply to.
  </Step>

  <Step title="Select Analysis Type">
    We suggest applying "Text and Uploads" for all rules to target plaintext and file-based content.
  </Step>

  <Step title="Select an action">
    Select Allow, Warn or Block based on your security policy.

    Warn actions can be configured to show a custom template, suggesting a company-approved alternative, for instance.
  </Step>

  <Step title="Save Your Rule">
    Apply your changes to enforce the new DLP rule across your network.
  </Step>
</Steps>

## Best Practices

<AccordionGroup>
  <Accordion title="Start with Critical Applications">
    Begin by applying DLP rules to high-risk applications like AI assistants and file sharing platforms.
  </Accordion>

  <Accordion title="Use Warn Mode Initially">
    Consider starting with Warn mode to understand detection patterns before moving to Block mode.
  </Accordion>

  <Accordion title="Create Role-Based Exceptions">
    Define exceptions based on job roles rather than individuals when possible for easier management.
  </Accordion>
</AccordionGroup>

## Related Features

<CardGroup cols={2}>
  <Card title="AI Filters" icon="sparkles" href="/modules/dlp/ai-filters">
    Configure AI-powered detection filters for sensitive data
  </Card>

  <Card title="Patterns" icon="magnifying-glass" href="/modules/dlp/patterns">
    Configure pattern-based detection for sensitive data
  </Card>

  <Card title="Testing" icon="flask" href="/modules/dlp/testing">
    Test DLP filters against uploaded files before enforcing in production
  </Card>
</CardGroup>