Special pattern tests

You can use these special pattern tests to identify sensitive data that is contained in the traffic that flows between the database server and the client.

Each policy rule can include a single special pattern test. To use one of these tests, begin the rule name with one of the special pattern test names, followed by a space and one or more additional characters to make the rule name unique. For example, if you are searching for Social Security numbers of your employees, you could name the rule guardium://SSEC_NUMBER employee. You can still specify all other components of the rule, such as specific client and server IP addresses.

These tests match a character pattern, and that match does not guarantee that the suspected item, such as a Social Security number, has been encountered. There can be false positives under a variety of circumstances, especially if longer sequences of numeric values are concatenated in the data.

guardium://CREDIT_CARD

Detects credit card number patterns. It tests for a string of 16 digits or for four sets of four digits, with each set separated by a blank. This special pattern test also works with American Express 15-digit credit card number patterns (first digit 3 and second digit either 4 or 7). For example: 1111222233334444 or 1111 2222 3333 4444

When a rule name begins with "guardium://CREDIT_CARD" and there is a valid credit card number pattern in the Data pattern field, the policy applies the Luhn algorithm, a widely used algorithm for validating identification numbers such as credit card numbers, in addition to standard pattern matching. The Luhn algorithm is an additional check and does not replace the pattern check. A valid credit card number is a string of 16 digits or four sets of four digits, with each set separated by a blank. The Luhn algorithm is involved in the pattern matching only when both requirements are met: the rule name begins with guardium://CREDIT_CARD, and there is a valid [0-9]{16} number in the Search Expression box.
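The following sketch is an added example, not Guardium's implementation: it applies the 16-digit pattern described above and then the Luhn checksum to constructed sample statements, showing which pattern hits the checksum rejects. The names CARD_RE, luhn_ok, scan and SAMPLE are assumptions of the example.

```python
import re

# 16 contiguous digits, or four groups of four separated by one blank,
# as the page describes. The 15-digit American Express form is not covered.
CARD_RE = re.compile(r"[0-9]{16}|[0-9]{4} [0-9]{4} [0-9]{4} [0-9]{4}")


def luhn_ok(digits: str) -> bool:
    """Return True if a string of ASCII digits passes the Luhn checksum."""
    total = 0
    # Walk right to left; double every second digit and fold 10..18 to 1..9.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(line: str):
    """Return [(candidate, passes_luhn)] for each card-shaped string."""
    return [
        (m.group(0), luhn_ok(m.group(0).replace(" ", "")))
        for m in CARD_RE.finditer(line)
    ]


# Constructed sample statements (not captured traffic).
SAMPLE = [
    "INSERT INTO pay VALUES ('4111111111111111')",        # common test number
    "INSERT INTO pay VALUES ('4111 1111 1111 1111')",     # same, blank-separated
    "SELECT * FROM orders WHERE ref = 1234567812345678",  # pattern only
    "UPDATE audit SET seq = 2024010112000012345",         # longer numeric run
    "SELECT 1111222233334444",                            # the page's sample value
]

if __name__ == "__main__":
    for line in SAMPLE:
        for candidate, ok in scan(line):
            verdict = "pattern + Luhn" if ok else "pattern only"
            print(f"{verdict:15} {candidate!r}")
```

The first 16 digits of the longer numeric run match the pattern but fail the checksum, while the page's sample value 1111222233334444 passes it, so a checksum pass narrows false positives without proving that a real card number was seen.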

guardium://PCI_TRACK_DATA

Detects two patterns of magnetic stripe data. The first pattern consists of a semicolon (;), 16 digits, an equal sign (=), 20 digits, and a question mark (?), such as:
;1111222233334444=11112222333344445555?
The second pattern consists of a percent sign (%), the character B, 16 digits, a caret (^), a variable-length character string terminated by a forward slash (/), a second variable-length character string terminated by a caret (^), 31 digits, and a question mark (?), such as:
%B1111222233334444^xxx/xxxx x^1111222233334444555566667777888?

guardium://SSEC_NUMBER

Detects numbers in Social Security number format: three digits, dash (-), two digits, dash (-), four digits, such as 123-45-6789. The dashes are required.

guardium://CPF

The Cadastro de Pessoas Físicas (CPF), a Brazilian personal identifier. It contains 11 digits of the format nnn.nnn.nnn-nn, where the last two digits are check digits. Check digits are computed from the original nine digits to provide verification that the number is valid. The formatting characters within the expression are optional. If there is a match on the expression, the check digits are validated.

guardium://CNPJ

Cadastro Nacional de Pessoas Jurídicas (CNPJ), an identification number used for Brazilian companies. It contains 14 digits of the format 00.000.000/0001-00 where:
  • The first eight numbers show the registration.
  • The next four numbers identify the entity branch. 0001 is the default value for headquarters.
  • The last two numbers are the check digits.
The formatting characters within the expression are optional. If there is a match on the expression, the check digits are validated.