What to discover

Create policies consisting of rules and rule actions for discovering and classifying sensitive data.

About this task

Classification policies contain ordered sets of rules and rule actions that identify and take actions on sensitive data. Each rule in a policy defines a conditional action that is taken when the rule matches. The conditional test can be simple, for example a wildcard string found anywhere in a table or collection, or a complex test that considers multiple conditions. For discover sensitive data scenarios, the action triggered by a rule can be a grouping action that adds the matches to a specified group or an alerting action that triggers a notification. Multiple grouping and alerting actions can be combined and ordered to create sophisticated responses to matched rules.

This task guides you through the processes of creating and editing classification rules and rule actions for use in your discovery scenario.

Procedure

  1. Open the What to discover section to define rules for discovering data.
  2. Use the Language menu to filter rule templates by the selected language and countries where the selected language is a national language.
    Templates for universal patterns like credit card numbers and email addresses are displayed for all Languge menu selections.
  3. Add rules to your discovery scenario or edit existing rules by doing one of the following:
    • Click the create new rule icon to create a new rule.
    • Select rules from the Classification Rule Templates table and click the copy rule template icon to add predefined rules.
    • Click the edit rule icon to edit an existing rule.
  4. When adding or editing classification rules, use the following procedure.
    1. Select a Rule type based on the type of search being performed.
      • Search for data matches specific patterns or values in the data.
        The following data types are supported when searching for data:
        BIGINT NUMERIC
        CHAR NVARCHAR
        DATE NVARCHAR2
        DECIMAL REF
        DOUBLE SMALLINT
        FLOAT TIME
        INTEGER TIMESTAMP
        LONGVARCHAR TINYINT
        NCHAR VARCHAR
        NUMBER VARCHAR2
      • For relational-type datasources, Catalog search matches table or column names in the database. For document-type datasources, Catalog search matches collection or field names in the database.
        The following data types are supported for catalog searches.
        ARRAY FLOAT RAW
        BIGINT INTEGER REAL
        BINARY LONG REF
        BIT LONG RAW SMALLINT
        BLOB LONGVARBINARY STRUCT
        BOOLEAN LONGVARCHAR TIME
        CHAR NCHAR TIMESTAMP
        CLOB NUMBER TINYINT
        DATE NUMERIC VARBINARY
        DECIMAL NVARCHAR VARCHAR
        DOUBLE NVARCHAR2 VARCHAR2
      • Search for unstructured data matches specific values or patterns in an unstructured data file, for example CSV, TXT, or CEF files. Search for unstructured data rules only work with datasources using the database type TEXT.
    2. Provide a name and description while optionally specifying a special pattern test at the beginning of the Name field. The rule name will also be used to name the rule associated with the classification policy in the Classification Policy Builder. If you require a special pattern test, it is recommended that you work with its corresponding template (for example, use Bank Card - Credit Card Number for credit card numbers).
    3. Open the Rule Criteria section to define a regular expression and other search criteria for the rule. If you are working with a rule template, an appropriate regular expression is provided by default.
      Attention: For rules created in the discover sensitive data scenario, the default Data type includes both Number and Text.
    4. Open the Actions section and define any rule actions that should be taken when rule criteria match.
    5. When defining multiple rule actions, you can optionally click the reorder rule actions icon and use the up arrow and down arrow icons to change the order in which the actions are executed.
      Note: The Ignore and Log result rule actions cannot be combined with other rule actions and must be used as the only action in a rule. The Log policy violation rule action can only be used once in a rule.
    6. Click Save when you are finished adding or editing rule definitions to return to the What to discover section of the discovery scenario.
  5. Optionally click the reorder rules icon and use the up arrow and down arrowicons to change the order in which rules are applied. Rule order is important as the default behavior stops rule execution after the first match unless Continue on match is selected under Rule criteria.

What to do next

Continue to the next section of the discovery scenario, Where to search.