Service driven split tunneling of mobile network traffic
US-2018255060-A1 · Sep 6, 2018 · US
US11455407B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11455407-B2 |
| Application number | US-202016996965-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 19, 2020 |
| Priority date | Apr 21, 2020 |
| Publication date | Sep 27, 2022 |
| Grant date | Sep 27, 2022 |
Official abstract text for this publication.
Systems and methods include obtaining an expression for a Data Loss Prevention (DLP) engine, wherein the expression includes one or more DLP dictionaries that evaluate to a score for comparison with a corresponding threshold and one or more logical operators used to combine an evaluation of the one or more DLP dictionaries; storing the expression in a database associated with a DLP service; monitoring traffic from one or more users; evaluating the traffic using the DLP engine and the expression; and determining a DLP trigger based on a result of the expression that is a logical TRUE.
Opening claim text (preview).
What is claimed is:
1. A non-transitory computer-readable storage medium having computer-readable code stored thereon for programming one or more processors to perform steps of: presenting a user interface and receiving an expression including one or more Data Loss Prevention (DLP) dictionaries, a corresponding threshold for comparison, and a selection of one or more logical operators; obtaining the expression including the one or more DLP dictionaries, the corresponding threshold for comparison, and the selection of one or more logical operators via the user interface for a DLP; storing the expression in a database associated with a DLP service; evaluating the one or more DLP dictionaries to a score for comparison with the corresponding threshold, wherein the one or more logical operators are used to combine the evaluation of the one or more DLP dictionaries; monitoring traffic from one or more users; evaluating the traffic using the DLP engine and the expression; and determining a DLP trigger based on a result of the expression that is a logical TRUE.
2. The non-transitory computer-readable storage medium of claim 1, wherein the user interface includes a tree having one or more levels, and wherein the steps further include presenting an expression preview as the selection is received.
3. The non-transitory computer-readable storage medium of claim 1, wherein the one or more DLP dictionaries are any of a predefined dictionary and a custom dictionary, wherein the predefined dictionary is managed by a service provider and used for multiple tenants, and wherein the custom dictionary is managed by a tenant and data therein is kept confidential from the service provider.
4. The non-transitory computer-readable storage medium of claim 3, wherein the one or more DLP dictionaries include at least one predefined dictionary and at least one custom dictionary.
5. The non-transitory computer-readable storage medium of claim 1, wherein the one or more DLP dictionaries are one of evaluated to a score and evaluated to a confidence level, wherein the score is evaluated through the comparison with the corresponding threshold, and wherein the confidence level is converted to a score for evaluation evaluated through the comparison with the corresponding threshold.
6. The non-transitory computer-readable storage medium of claim 1, wherein the one or more logical operators are any of a logical AND, a logical OR, and a logical NOT.
7. The non-transitory computer-readable storage medium of claim 1, wherein the expression includes a plurality of nested levels.
8. The non-transitory computer-readable storage medium of claim 1, wherein the steps further include responsive to the DLP trigger, performing an action based thereon.
9. A method comprising: presenting a user interface and receiving an expression including one or more Data Loss Prevention (DLP) dictionaries, a corresponding threshold for comparison, and a selection of one or more logical operators; obtaining the expression including the one or more DLP dictionaries, the corresponding threshold for comparison, and the selection of one or more logical operators via the user interface for a DLP engine; storing the expression in a database associated with a DLP service; evaluating the one or more DLP dictionaries to a score for comparison with the corresponding threshold, wherein the one or more logical operators are used to combine the evaluation of the one or more DLP dictionaries; monitoring traffic from one or more users; evaluating the traffic using the DLP engine and the expression; and determining a DLP trigger based on a result of the expression that is a logical TRUE.
10. The method of claim 9, wherein the user interface includes a tree having one or more levels, and further comprising presenting an expression preview as the selection is received.
11. The method of claim 9, wherein the one or more DLP dictionaries are any of a predefined dictionary and a custom dictionary, wherein the predefined dictionary is managed by a service provider and used for multiple tenants, and wherein the custom dictionary is managed by a tenant and data therein is kept confidential from the service provider.
12. The method of claim 11, wherein the one or more DLP dictionaries include at least one predefined dictionary and at least one custom dictionary.
13. The method of claim 9, wherein the one or more DLP dictionaries are one of evaluated to a score and evaluated to a confidence level, wherein the score is evaluated through the comparison with the corresponding threshold, and wherein the confidence level is converted to a score for evaluation evaluated through the comparison with the corresponding threshold.
14. The method of claim 9, wherein the one or more logical operators are any of a logical AND, a logical OR, and a logical NOT.
15. The method of claim 9, wherein the expression includes a plurality of nested levels.
16. The method of claim 9, further comprising responsive to the DLP trigger, performing an action based thereon.
17. A cloud-based system comprising: a plurality of enforcement nodes each including a micro-processor and a memory connected to one another; a central authority connected to the plurality of enforcement nodes; and a Data Loss Prevention (DLP) service executed between the plurality of enforcement nodes, wherein the DLP service is configured to: present a user interface and receive an expression including one or more Data Loss Prevention (DLP) dictionaries, a corresponding threshold for comparison, and a selection of one or more logical operators; obtain the expression including the one or more DLP dictionaries, the corresponding threshold for comparison, and the selection of one or more logical operators via the user interface for a DLP; store the expression in a database associated with the DLP service; evaluate the one or more DLP dictionaries to a score for comparison with the corresponding threshold, wherein the one or more logical operators are used to combine the evaluation of the one or more DLP dictionaries; monitor traffic from one or more users; evaluate the traffic using the DLP engine and the expression; and determine a DLP trigger based on a result of the expression that is a logical TRUE.
18. The cloud-based system of claim 17, wherein the one or more DLP dictionaries are any of a predefined dictionary and a custom dictionary, wherein the predefined dictionary is managed by a service provider and used for multiple tenants, and wherein the custom dictionary is managed by a tenant and data therein is kept confidential from the service provider.
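
The expression evaluation described in the abstract and in claims 1 and 5 to 7, as an added example that is not code from the patent or its assignee: a stored, nested expression of dictionary/threshold leaves combined with AND, OR and NOT, evaluated against inspected text. The dictionary names and patterns, the JSON layout, the `>=` comparison, the confidence-to-score mapping and the depth limit are all assumptions made for illustration.

```python
import json
import re

# Hypothetical dictionaries: each returns a match count or a confidence label.
DICTIONARIES = {
    "credit_card": lambda t: len(re.findall(r"\b(?:\d{4}[ -]){3}\d{4}\b", t)),
    "ssn": lambda t: len(re.findall(r"\b\d{3}-\d{2}-\d{4}\b", t)),
    "source_code": lambda t: "high" if "def " in t and "import " in t else "low",
    "test_data": lambda t: len(re.findall(r"\bTEST-FIXTURE\b", t)),
}
CONFIDENCE_TO_SCORE = {"low": 1, "medium": 2, "high": 3}  # assumed mapping
MAX_DEPTH = 8  # bound nesting so a stored expression cannot recurse unboundedly


def evaluate(node, text, depth=0):
    """Return True/False for one expression node against the text."""
    if depth > MAX_DEPTH:
        raise ValueError("expression nested too deeply")
    if "dict" in node:  # leaf: dictionary score compared with its threshold
        raw = DICTIONARIES[node["dict"]](text)
        score = CONFIDENCE_TO_SCORE[raw] if isinstance(raw, str) else raw
        return score >= node["threshold"]  # comparison direction is assumed
    op, args = node["op"], node["args"]
    if op not in ("AND", "OR", "NOT") or not args or (op == "NOT" and len(args) != 1):
        raise ValueError(f"malformed {op!r} node")  # an empty AND would be TRUE
    results = [evaluate(a, text, depth + 1) for a in args]
    if op == "NOT":
        return not results[0]
    return all(results) if op == "AND" else any(results)


# (credit_card >= 2 OR ssn >= 1 OR source_code >= 3) AND NOT (test_data >= 1)
STORED = json.dumps({"op": "AND", "args": [
    {"op": "OR", "args": [
        {"dict": "credit_card", "threshold": 2},
        {"dict": "ssn", "threshold": 1},
        {"dict": "source_code", "threshold": 3}]},
    {"op": "NOT", "args": [{"dict": "test_data", "threshold": 1}]},
]})
# Constructed sample payloads (not real data).
SAMPLES = {
    "two_cards": "pay 4111 1111 1111 1111 and 5500-0000-0000-0004",
    "fixture": "TEST-FIXTURE ssn 078-05-1120",
}


def dlp_trigger(text, stored=STORED):
    """Load the stored expression and report whether it evaluates to TRUE."""
    return evaluate(json.loads(stored), text)
```

Rejecting operator nodes with no operands matters because an empty AND would otherwise evaluate to TRUE and trigger on all traffic.
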
Tools and structures for managing or administering access control systems · CPC title
involving event detection and direct action · CPC title
Traffic logging, e.g. anomaly detection · CPC title
Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title
for separating internal from external traffic, e.g. firewalls · CPC title