Skip to content

Content Scanning Policies

CyberEdge content scanning policies are used to evaluate network traffic to assist in managing the integrity and protection of digital environments. These policies operate by examining the content of network traffic and comparing it against a series of predefined content scanning policies. When traffic matches the criteria of a policy, the policy dictates specific actions, such as restricting access or reporting an event for further inspection. By implementing content scanning policies, CyberEdge can detect and mitigate potential threats while also providing comprehensive user-based reporting on possible welfare issues.

An important aspect of the content scanning policy stack is that policies are processed in a top-down order, which will result in the first matching policy being triggered.

Warning

Before enabling content scanning, it is necessary to deploy the client certificate on devices that require HTTPS inspection; otherwise, applications will experience certificate errors in the browser and prevent its use

Scanned Applications

Content scanning supports various Internet-based applications. The following outlines the supported applications and browsers:

  • Google Search: Google search - (Supported web browsers Chrome, Safari, FireFox, Edge)
  • Bing Search: Bing search - (Supported web browsers Chrome, Safari, FireFox, Edge)
  • DuckDuckGo Search: DuckDuckGo search - (Supported web browsers Chrome, Safari, FireFox, Edge)
  • Wikipedia Search: Wikipedia search - (Supported web browsers Chrome, Safari, FireFox, Edge)

In certain cases, mobile devices like Apple iOS/iPadOS and Android may use certificate pinning within the app versions of search applications. Therefore, it is strongly recommended that end users utilize the browser only to avoid HTTPS inspection issues and the inability to content scan search traffic.

User Actions

Content scanning supports several user actions that can be defined per policy. The user action options include;

  • Search: The search action of the supported scanned applications

Important note

Leaving the user action field empty in a policy will result in all user actions being scanned

Policy Actions

Content scanning supports several policy actions that can be defined for each policy. The available policy action options include;

  • Block & Record: This action will block access and generate a reporting event when content matches the criteria of a configured content scanning policy. A block page will be shown to the user.
  • Record Only: This action will generate a reporting event only when content matches the criteria of a configured content scanning policy. No block page will be shown to the user.
  • Email Notification: Email alert notification events can be sent to one or more users when content matches the criteria of a configured content scanning policy. These email notifications are a sub-action and are not a mandatory configuration option.

Note

  • For email alerts, consider limiting notifications to specific policies only to prevent excessive volumes of emails, which may be difficult for users to manage and act upon
  • It is recommended to use distribution group email addresses for email alert notifications. This approach ensures visibility to multiple users, reducing the likelihood of actionable alerts being missed

Create/Edit a Policy

To create or edit a content scanning policy navigate to;

  1. Content Scanning > Policies > Content Scanning Policies
  2. Click "Add"
  3. Enter the following;
    • Name: The name of the policy. The policy name is displayed throughout the user interface and within content scanning reports.
    • Description: A description for the policy
    • Groups: The user group to which the policy should be applied
    • Sources: The source applications to be scanned for this policy
    • User Action: The user action to be assigned to the policy. Leaving this field empty will result in all user actions being scanned
    • Word List: The word and phrases list to assign to this policy. Pattern lists may include the CyberEdge provided word lists or user created custom lists. See pattern lists for more information
    • Action: The action to be applied when the policy is matched
    • Send email to: The email address to be sent alert notifications when the policy is matched
  4. Click "Save" and "Apply" changes

CSpolicy

Disable a Policy

To disable a content scanning policy navigate to;

  1. Content Scanning > Policies > Content Scanning Policies
  2. Find the policy to disable and click "Edit"
  3. Click "Disabled"
  4. Click "Save" and "Apply" changes

The content scanning policy will no longer be scanned by the content scanning engine.

Delete a Policy

To delete a content scanning policy navigate to;

  1. Content Scanning > Policies
  2. Find the policy to delete and click the "delete" icon
  3. Click "Save" and "Apply" changes

Deleing a content scanning policy cannot be undone.