摘要 |
A content monitoring system applies policies to data transfers, and adapts the policies based on violations. Each policy includes a rule that detects violations and actions performed when the rule is violated. Policies may be adapted by, for example: enabling an inactive policy; modifying a parameter within a rule or an action; generating a new policy by combining a policy macro with the violating content block or with associated meta-data, for example, a user ID or IP address. An optional rolling buffer can be used to hold the most recent transfers, and newly adapted policies can be reapplied to the buffered content. Some content blocks are reassembled from a stream of terminal control protocol (TCP) packets that are transferred across a network barrier point. Other content blocks come from writes to removable media. Some content must be decoded, for example, a word processor file.
|