Rule Criteria

This topic describes classification rule criteria.

The rule criteria displayed in the Discover Sensitive Data interface reflect the datasource-type defined for the scenario. Not all classification rule criteria are available for all datasource types. For example, the Relational (SQL) datasource type includes rule criteria for Compare to values in SQL while the Document datasource type does not.

Table 1.
Attribute Description
Table type Select one or more table types to search: Synonym, Table, or View. Table is selected by default.
Collection type Select one or more collection types to search: Collection or View. Collection is selected by default.
Data type Select one or more data types to search: Number, Text, or Date. Number and Text are selected by default.
Search expression Optionally enter a regular expression to define a search pattern to match. To test a regular expression, click the RE button to open the regular expression editor.
Table name like Optionally enter a specific name or wildcard pattern. If omitted, all table names are selected.
Collection name like Optionally enter a specific name or wildcard pattern. If omitted, all collection names are selected.
Column name like Optionally enter a specific name or wildcard pattern. If omitted, all column names are selected.
Field name like Optionally enter a specific name or wildcard pattern. If omitted, all field names are selected.
Continue on match If the next rule in the classification policy should be evaluated after this rule is matched, mark the Continue on Match checkbox. The default is to stop evaluating rules once a rule is matched.
One match per column When continuing after a match, evaluate subsequent rules only on columns not matched by a previous rule.
One match per field When continuing after a match, evaluate subsequent rules only on fields not matched by a previous rule.
Calculate confidence score Calculate confidence score during scanning. It is calculated as hits/sample size. Calculating a confidence score impacts the performance of the scan.
Search wildcard Optionally enter a specific value or a wildcard pattern. If omitted, all values are selected.
Minimum length Optionally enter a minimum length. If omitted, there is no limit.
Maximum length Optionally enter a maximum length. If omitted, there is no limit.
Evaluation name Optionally enter a fully qualified Java™ class name that has been created and uploaded. The Java class will then be used to fire and evaluate the string.
Note: There is no validation that the class name entered was loaded and conforms to the interface.
Fire only with marker

The Fire only with marker criterion allows classifier rules to be grouped: rules with the same marker fire at the same time. Additionally, all returned rules using a marker must return data based on the same table or collection name. If two or more rules are defined with the same marker, those rules fire together: if both rules fire on the same table or collection, both are logged and their actions are invoked. If only one rule fires on a table or collection, neither rule is logged and neither rule's actions are invoked. Having multiple rules fire together matters when you care about sensitive data appearing together within the same table or collection. For example, you may want to know when a table or collection has both a social security number and a Massachusetts driver's license.

The Fire only with marker value is a constant. It can be set to any value, but it must be exactly the same across the rules you want grouped. This means that if one rule has a marker of ABC, then the other rule that you want to group it with must also have a marker named ABC.

The Fire only with marker also interacts with the Continue on match flag. For example, if the following rules were defined such that Rule 3 does not continue on match, then no results are returned, regardless of whether all three marker rules were positive. This is because Rule 4 never ran, and the grouping does not fire because all rules with the same Fire only with marker must execute with positive results.

Rule 1. Firemarker rule ABC (continue on match)

Rule 2. Firemarker rule ABC (continue on match)

Rule 3. Firemarker rule ABC (continue on match)

Rule 4. Firemarker rule ABC (continue on match)
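The marker grouping and its interaction with Continue on match can be modelled in a few lines. This is an added example, not product code: the `Rule` class, the `has` and `evaluate` helpers, the sample tables and both patterns are constructed for illustration and only follow the behaviour described above.

```python
import re
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Rule:
    name: str
    matches: Callable[[dict], bool]  # hypothetical predicate over sampled column values
    marker: Optional[str] = None     # Fire only with marker value, e.g. "ABC"
    continue_on_match: bool = False  # page default: stop evaluating after a match

def has(pattern):
    """Predicate: any sampled value in any column fully matches the pattern."""
    rx = re.compile(pattern)
    return lambda table: any(rx.fullmatch(v) for col in table.values() for v in col)

def evaluate(rules, table):
    """Return the names of the rules that are logged for one table."""
    matched = set()
    for rule in rules:
        if rule.matches(table):
            matched.add(rule.name)
            if not rule.continue_on_match:
                break  # later rules never run for this table
    logged = []
    for rule in rules:
        if rule.name not in matched:
            continue
        group = [r for r in rules if rule.marker and r.marker == rule.marker]
        # A marker group is logged only if every rule in it ran and matched.
        if all(r.name in matched for r in group):
            logged.append(rule.name)
    return logged

# Constructed sample data and patterns (not real identifiers or official formats).
SSN, LICENSE = r"\d{3}-\d{2}-\d{4}", r"S\d{8}"
BOTH = {"ssn": ["123-45-6789"], "lic_no": ["S12345678"]}
SSN_ONLY = {"ssn": ["123-45-6789"], "city": ["Boston"]}

def sample_rules(first_continues=True):
    return [Rule("ssn", has(SSN), "ABC", first_continues),
            Rule("license", has(LICENSE), "ABC", True)]
```

With `first_continues=False` the first rule matches and stops evaluation, so the second rule of group ABC never runs and nothing is logged even though the table holds both kinds of data.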

Hit percentage Optionally enter a percentage of matching data that should be achieved for this rule to fire. Data is returned if the percentage of matching data examined is greater than or equal to (>=) the percentage value entered. An empty entry means that hit percentage is not a condition: it does not affect whether the rule fires and returns data to the view screen. A percentage of 0 causes the rule to fire for this condition and return data to the view screen, and a percentage of 100 requires that all data examined must match.
Compare to values in SQL Optionally enter a SQL statement. The SQL entered, which must be based on returning information from one and only one column, will then be used as a group of values to search against the tables and columns selected.
Note: If used, the Compare to values in SQL should observe the following rules:
  • The SQL statement MUST begin with SELECT.
  • The SQL statement SHOULD NOT utilize the ; (semi-colon).
  • The SQL entered MUST specify a schema value name in order to be accurate in returning results.
  • Good examples:
    SELECT ename FROM scott.emp
    select EMPNUMBER from SYSTEM.EMP where EMPNUMBER in(5555,4444) 
    select DNAME from SCOTT.DEPT where DNAME like 'A%G' 
    SELECT ZIP from SCOTT.FOO where ZIP in (SELECT ZIP FROM SCOTT.FOO)
    
Compare to values in group Optionally select a group. The group selected will then be used as a group of values to search against the tables and columns selected. As long as one of the values within a group, that is either a public or a classifier group, matches, then the value rule will return data.
Show unique values Mark the Show Unique Values checkbox to add details on what values matched the classification policy rules to the comments field of the resulting report. The row count for each match is indicated in parentheses following the value. For example, 3 matched distinct values
[662(1), 436(3), 629 (27)]
Unique values mask Use regular expressions in the Unique values mask field to redact the unique values. For example, mark the Show unique values checkbox and use ([0-9]{2}-[0-9]{3})-[0-9]{4} in the Unique values mask field to log the last four digits and redact the prefix digits.
Exclude schema Optionally select a group of schemas to exclude.
Exclude table Optionally select a group of tables to exclude.
Exclude table column Optionally select a group of table columns to exclude. The following wildcard character is supported: %
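The rules listed for Compare to values in SQL can be checked before a statement is pasted into the rule. The following pre-check is an added example, not part of the product: `lint_compare_sql` is a hypothetical helper, and its single-column and schema checks are regex heuristics rather than a SQL parser.

```python
import re

# Table references after FROM or JOIN, optionally schema-qualified (heuristic).
TABLE_REF = re.compile(
    r"\b(?:FROM|JOIN)\s+([A-Za-z_][\w$#]*(?:\.[A-Za-z_][\w$#]*)?)", re.IGNORECASE)
SELECT_LIST = re.compile(r"SELECT\s+(.*?)\s+FROM\b", re.IGNORECASE | re.DOTALL)

def lint_compare_sql(sql):
    """Return a list of problems; an empty list means the statement passes."""
    problems = []
    stmt = sql.strip()
    if not re.match(r"SELECT\b", stmt, re.IGNORECASE):
        problems.append("must begin with SELECT")
    if ";" in stmt:
        problems.append("should not contain ';'")
    # Heuristic: a comma or * in the outer select list means more than one column.
    # Function calls with several arguments will be flagged as well.
    sel = SELECT_LIST.match(stmt)
    if sel and ("," in sel.group(1) or sel.group(1).strip() == "*"):
        problems.append("must return one and only one column")
    tables = TABLE_REF.findall(stmt)
    if not tables:
        problems.append("no table reference found")
    for table in tables:
        if "." not in table:
            problems.append(f"table '{table}' is not schema-qualified")
    return problems

# The four statements the page lists as good examples.
GOOD = [
    "SELECT ename FROM scott.emp",
    "select EMPNUMBER from SYSTEM.EMP where EMPNUMBER in(5555,4444)",
    "select DNAME from SCOTT.DEPT where DNAME like 'A%G'",
    "SELECT ZIP from SCOTT.FOO where ZIP in (SELECT ZIP FROM SCOTT.FOO)",
]
# Constructed statements that break one or more of the rules.
BAD = [
    "SELECT ename FROM emp",
    "DELETE FROM scott.emp",
    "SELECT ename, sal FROM scott.emp;",
]

if __name__ == "__main__":
    for statement in GOOD + BAD:
        print(statement, "->", lint_compare_sql(statement) or "ok")
```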