I need a solution
Using some of our policies, we have noticed that a large number of emails containing a certain attachment have caused a huge spike of false-positives within our DLP system. We have attempted to use the exclusion rule to exclude attachments with certain names but it appears to not check the name but rather just the inside content. How can someone exclude certain attachments by name? (the name is generally the same but with a variety of different types of spelling, so some people place a space between the two words, or a hyphen between them.)
Also, is there a way within DLP to say if the incident has a certain number of hits (say, over 50) to go ahead and not generate an incident and let it go?