Supervision - Configure Lexicons

Updated

This guide describes how administrators can configure Supervision lexicons to search for text or phrases in messages that could be considered non-compliant.

Listing the Lexicons

You can choose to move ahead without a lexicon if you wish to monitor messages based on random sampling only.

To list the lexicons:

  1. Log on to the Administration Console.
  2. Navigate to Archive | Supervision menu item. The Lexicon tab is displayed by default.

The list displays information about the lexicon's configuration and version. Each time a lexicon is updated, the version number increases by one, and the action is audited.

Adding a Lexicon

To add a lexicon:

  1. Click on the Create New Lexicon button.
  2. Complete the Lexicon Details dialog as follows:
Field / Option Description
Name Specify a lexicon name.
Description Specify a lexicon description.
  1. Click on the Next button.
  2. Select either an Advanced or Basic Search type:
    • Advanced - complete the Query dialog as follows:
  • A combination of 500 terms and search keys can be entered.
  • Mimecast does not index stop words, this should be considered when configuring Lexicons, as it may lead to false positives. You can find the list of stop words that are not indexed here.

 

Field / Option Description
Query Enter a combination of terms and search keys to populate the review queue.
Condition Description
space Includes results containing all the entered words (e.g., word1, word2, word3, AND word4)
AND
OR Includes results containing any entered words (e.g., word5 OR word6).
!

Includes results containing words not prefixed by !, but excludes those containing words prefixed by ! (e.g., word7 !word8).

The search keyword must have a minimum of three characters when using the ! condition. For example:

  • !abc 123 works as it contains over three characters.
  • !a doesn't work as it only contains one character.
? Includes results if a word matches the? matches any character (e.g., w?rd returns word and ward).
* Includes results if there are zero or more characters at the end of words (e.g., bet* returns bet, betting, better).
"" Includes results for a phrase or display names (e.g. “James Smith").
:SUB: Includes results where the search keywords are found in the message's subject (e.g. :SUB:word8 OR word9)
:MSGB: Includes results where the search keywords are found in the message's body (e.g. :SUB:word8 AND :MSGB:word10)
:ATTN: Includes results where the search keywords are found in the file name of a message's attachment (e.g., word11 AND:ATTN:)
:ATTC: Includes results where the search keywords are found in the content of a message's attachment (e.g., word11 AND :ATTC:)
:ATTT: Includes results where the search keywords are found in the file type of a message's attachment (e.g., word11 AND : ATTT:)


You can combine exclude with other conditions, for example:
!(: ATTN:Attachments_001.docx) - To exclude attachment name
!(:ATTC:word10) - To exclude attachment content
!(:ATTT:docx) - To exclude attachment type
 

You can include two or more of the :SUB:, :MSGB:, :ATTN:. :ATTC:, or :ATTT: conditions in your search, by ensuring they are separated by a comma and located inside two : characters (e.g., word12 AND :SUBJ, MSGB:). Notice that the : character is not needed after the first condition.
  • Basic: complete the Words and Phrases dialog as follows:

Multiple words/phrases must be entered on separate lines. A combination of 250 words and phrases can be entered.

Field / Option Description
Words Enter the keywords you want to find in messages to populate the review queue.
Phrases Enter phrases you want to find in messages to populate the review queue.
  1. Click on the Next button.
  2. Check that Lexicon's configuration is correct.
  3. Click on the Create Lexicon button.

Changing a Lexicon

Lexicon changes don't take effect until their next run, as specified in its schedule. To change a lexicon:

  1. Click on the Lexicon.
  2. Click on the Edit button in the slide-out panel.
  3. Change the Lexicon details as required.
  4. Click on the Next button.
  5. Change the search types as required:
    • Advanced: change Query terms.
    • Basic change Words and Phrases.
  1. Click on the Save & Close button.

Using Proximity Search Criteria

You can find terms near your search criteria using a proximity search term. Search Terms used for proximity only highlight matches in a message's subject, message body, and attachment name. Take the following examples:

Search Criteria Description
NEAR(10, word1, word2) Searches for a “word1” and “word2" with up to a maximum distance of 10 words between them. Both words must be present.
(word1, word2)~10
NEAR(15, word1, word2, word3) Searches for a “word1” and “word2" and “word3” with up to a maximum distance of 15 words between them. All three words should be present.
(word1, word2, word3)~15

Ordering is based on the Levenshtein distance. If your terms are swapped compared to how they appear in the document, you must specify double the distance. For example, if the text is "Your request for files was sent":

  • (request, files)~2 matches
  • (files, request)~2 doesn't match
  • (request, files)~2 OR (files, request)~2 matches
  • (files, request)~4 also matches but is less accurate than (request, files)~2 OR (files, request)~2

See Also...

Related to

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.