Brought in a File - Did What

This topic describes how to define alert rule conditions using the options available in the Brought in a File group category in the Did what? section of the Create Alert Rule page. (For more about the Did what? section, see Defining the "Did What?" Conditions.)

This option is available for alert type rules on Windows and Mac-based operating systems.

The Brought in a File option enables you to define an alert rule that will generate an alert for the following entry points:

a file is downloaded from a website/web application
a file it taken form cloud storage sync folder or
an attachment is saved from an email client
By downloading from a website or Web application: An alert is triggered when a file is downloaded from any website or web-application, including webmail, social media sites and file sharing sites.
You can specify the website or web application by:
- All or part of a name of a specific website
- All or part of a website URL
- All or part of a window title
- Website category from the Website Categorization
You can specify which file by:
- Original file name
You can specify the MIP label of the file:
- Original file label
By saving an attachment from an email client: An alert is triggered when an attachment from an email client is saved

You can specify the file you want by:
- Original filename
- File size
You can specify the destination by:
- Destination path
- If the destination is a USB
- If the destination is a sync folder
You can specify MIP label of the file by:
- Original file label
By taking a file from cloud storage sync folder: An alert is triggered when a tracked file is moved or copied from a local cloud storage sync folder, such as Box.

In version 7.10, this option is available for Microsoft Box only.

You can specify the file by:
- Original file name
You can specify the cloud storage sync folder by:
- Vendor name
You can specify MIP label of the file by:
- Original file label

Examples of Creating a Rule for Brought in a File

To create a rule to alert when a file is downloaded from a website or web application

In the Did What? section of the Create Alert Rule page, click the icon to open the list of available options.
Select the Brought in a File option, and click By downloading from website/ web application.

The conditions for defining the alert rule are displayed with default values:

Clicking the downward arrow opens the available options for configuring the condition. After configuration, you can reset the condition to its default value by clicking the link. You can also change the order of defined conditions, by clicking and dragging the icon. To remove a condition, click the icon.
To specify from which website or web application the file was downloaded, accept the default which is Any website/web-application, or click the downward arrow to access options that enable you to define specific website name(s), URLs, Window titles, and/or categories.
1. To specify the Website namefrom which the downloaded file originated, select the relevant operator from the drop-down list and (unless you selected is any name) enter the required website name(s).
  
  You can enter multiple values separated by commas either directly or by clicking the […] icon to open a popup in which you can enter the values. Alternatively, when Lists are supported, you can choose to select a predefined List instead of entering a set of values. By hovering over the values field, two icons appear that enable you to switch between the Values and List modes: or . When List mode is selected, a drop-down list shows all the predefined Public and Private lists that are authorized for this Console User. You can edit the list contents, if required. For details, see Editing Lists.
2. To specify the Website Window Title from which the downloaded file originated, select the relevant operator from the drop-down list and enter part or all of the window title.
3. To specify the Website URL from which the downloaded file originated, select the relevant operator from the drop-down list and enter the URL.
4. To specify the Website category from which the downloaded file originated, select the required operator and (unless you selected is any category) choose the relevant category(ies) from the drop-down list.

To create a rule to alert when a file attachment is saved from an email client

In the Did What? section of the Create Alert Rule page, click the icon to open the list of available options.
Select the Brought in a File option, and click By saving attachment from email client.

The conditions for defining the alert rule are displayed with default values:
To specify the file, you can accept the default which is Any file, or click the downward arrow to access options that enable you to specific which file.
1. To specify the filename before it was attached to the email, select Original file name, select the relevant operator from the drop-down list.)
2. To specify the size of the attached file, select File size (in KBs), select the relevant operator from the drop-down list.
To specify the destination of the file, you can accept the default which is Any destination, or click the downward arrow to specify which destination.
1. To specify the path to which the attachment is saved, select Destination path, select the relevant operator from the drop-down list.
2. To specify whether the file is saved to a USB , select The destination is a USB, select Yes or No.
3. To specify whether the file is saved to a sync folder, select The destination is a sync folder, select Yes or No.