Hi @eduardo ,

As you might already have guessed, you have multiple options here. I'll try my best to give you an unbiased overview of what's possible, but pleas note that I work for Polymetis Apps, one of the vendors in this space. 

First of all, the Atlassian product in this space is Guard Premium. It's unfortunately not in the box, but rather an additional product you have to buy on-top of Confluence. What it does well is checking for anomalous activity, ie users suddenly opening dozens or hundreds of pages – which could indicate abuse/exfiltration of data. It does offer content scanning for Confluence, but does not check for a lot of content types out of the box. It also does not scan attachments.

Second, there is the Atlassian marketplace where you should be able to look for "DLP" apps, ie apps that offer "Data Leak/Loss Prevention". Here's a search. When it comes to apps, I would look for vendors that you feel you can trust first, especially if their product is not on Forge or allows data egress. Badges like Cloud Fortified are a good indicator, as is a comprehensive Privacy & Security tab.
The exact feature sets of the apps on offer do vary, mostly in the available detections out-of-the-box, whether attachments are in scope or not, and overall how the configuration is set up. My personal favorite is PII Protection and DLP for Confluence, but I also work on that app. Fundamentally though, the three or four bigger apps you'll find are all pretty capable. 

Third, there's the option of going off-marketplace and talk to a dedicated DLP vendor like nightfall.ai or strac.io which offer integrations into Confluence. You would typically only opt for one of those as part of an overall DLP strategy, where you use their product not just for Confluence, but also for other tools. 

Anyway, I hope that helps. If you have any more questions let me know or book a call! 

Best regards,
 Oliver from Polymetis Apps

Hi @eduardo and welcome to the Community!

Are you on Cloud or on Data Center with your Confluence?

The Cloud version of our tool Data Protection and Security Toolkit can trigger rules by "content event". That means, as soon as someone enters anything that matches your set rule, it can be processed – for example removed – immediately.

Rules use regular expressions to find matches. So if there is some pattern which all passwords have to adhere to, they could be found with our app. If not, you could still use related terms to perform the same search.

If you'd like to see how it works, please schedule a 1:1 demo here: https://actonic.de/app-demo

Best,
Andreas

Welcome @eduardo 

Out of the box, if you have the Atlassian Guard Premium, it gives you alerts that there are some sensitive information being added to Confluence. As an alternative, I would recommend Data Encryption for Confluence: https://marketplace.atlassian.com/apps/1235581/data-encryption-for-confluence