What is a one sentence summary of your feature request?
add custom content to context detection
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
As an engineer, I need to be able to differentiate between two slightly different text strings clearly in logs.
Today, we have two very important text strings (think TOP SECRET and TOP SECRET INFORMATION) and we need to add those to CAP and have TOP SECRET only hit on TOP SECRET and TOP SECRET INFORMATION only hit on TOP SECRET INFORAMTION. Zach Roy may have better information internally.
How do you currently solve the challenges you have by not having this feature?
We are not able to solve this within Netwrix or our SIEM. We solve it in other tools by using negative look ahead in regex. Given the current opportunities, adding either REGEX or CUSTOM CONTENT as options within the CONTEXT DETECTION section of CAP, we should be able to accomplish the same thing.
Hello Bree,
We are sorry for the delay in our response.
Thank you for all the details provided for this improvement request. Our team will assess the current technical capabilities and we’ll get back to you with a response as soon as possible.
While waiting—we thank you for the patience!
Kind Regards,
Simona
Hi,
Good news — EPP already has the tools to solve this specific use case.
CAP policies include a Regular Expression tab in the content detection section, which supports full PCRE regex syntax — including negative lookahead. This means you can already create two separate rules to distinguish your strings precisely:
You can create regex patterns under Content Aware Protection → Policies → new policy → Policy Denylists → Regular Expression, where you can create, name, test, and apply them.
If you run into any issues setting these up or want to validate the patterns against sample content, our support team would be happy to assist — the regex editor in EPP includes a built-in test field for that purpose.
Hope this helps, and thanks for the detailed write-up.