View and Manage Pattern Variables
Click 'Settings' > 'Data Protection Templates' > 'Patterns'
- A 'pattern' is the format used by the type of sensitive data that you want to find. Each pattern consists of an information format and a keyword group.
- For example, the social security number pattern is a name and a 9 digit number in a 3-2-4 format (like '123-45-6789').
- Patterns are used in DLP search rules which you add to a device profile. The rules detect data which matches the pattern.
- See Data Loss Prevention Rules for more about creating and adding rules to profiles
- See Data Loss Prevention Scans for more about running DLP scans and viewing the results
- EM ships with a number of commonly used patterns.
- You can also create custom patterns according to your requirements.
Open the DLP data patterns screen
- Click 'Settings' > 'Data Protection Templates'
- Click the 'Patterns' tab
- The interface shows all available patterns including predefined and custom patterns:
- A keyword group is a list of specific items that EM will search for. For example, the 'Name' group contains a list of common first names. EM ships with a set of pre-defined keyword groups.
- You MUST add keywords to a keyword group or the pattern will not work. For example, you should add all names you want to search for to the 'Names' keyword group.
- You can configure keywords and groups at 'Settings' > 'System Templates' > 'Keyword Variables'
- See View and Manage Keyword Groups for help to manage keyword groups
The following table shows available predefined patterns:
Pattern |
Description |
---|---|
Name with 5 Digit Account Number |
Consists of Keyword Group 'Names' and 5 digit bank account number. |
Name with 6 Digit Account Number |
Consists of Keyword Group 'Names' and 6 digit bank account number. |
Name with 7 Digit Account Number |
Consists of Keyword Group 'Names' and 7 digit bank account number. |
Name with 8 Digit Account Number |
Consists of Keyword Group 'Names' and 8 digit bank account number. |
Name with 9 Digit Account Number |
Consists of Keyword Group 'Names' and 9 digit bank account number. |
Name with 10 Digit Account Number |
Consists of Keyword Group 'Names' and 10 digit bank account number. |
Name with SSN |
Consists of Social Security Number and Keyword Group 'Names'. |
ABA Routing number |
Consists of American Bankers Association (ABA) routing number. This is the nine digit bank code printed in negotiable instruments in the US. |
Date of birth |
Consists of Birth Date. |
Credit Card Number |
Consists of Credit Card Number. |
IP Network |
Consists of IPv4 and IPv6 IP Addresses. Examples: 192.0.2.0/24 198.51.100.0 2001:0db8:85a3:0000:0000:8a2e:0370:7334 2001:db8:1234::/48 |
Network Address |
Consists of URLs, and domain names. Examples: http://domain.name https://domain.name www.domain.name domain.com local.net |
IBAN Code |
Bank account number in International Bank Account Number (IBAN) format. |
MAC Address |
Searches for mac addresses, the unique identifier assigned to network cards. |
Turkish Nationality ID Number | Consists of citizen number of Turkey |
Create a new custom pattern
- Click 'Settings' > 'Data Protection Templates'
- Click the 'Patterns' tab
- Click ‘Create Pattern’
Name - Enter a label for the pattern and click ‘Create’.
The pattern is saved and lets you add pattern types:
General - Click ‘Edit’ and update pattern label if required.
Pattern Elements - Lets you configure the pattern types.
- Click ‘Add Element’
- Click a pattern type to select it
The details of each pattern type is explained above in the table except for the following:
- Keyword – Enter a keyword as a parameter
- Keyword Groups – Select either ‘Names’ or ‘Network Terms’ groups
- Custom Mask – Specify what CCS should search for.
- Select ‘Keyword’ from the ‘Add Element’ drop-down
- Predefined Keyword – Enter a keyword and click ‘Add’
- Select ‘Keyword Groups’ from the ‘Add Element’ drop-down
- Select a group from the drop-down and click ‘Add’
- Select 'Custom Mask' from the 'Add Element' drop-down to specify a custom information type. You can define a sequence of different character types like alphabets, numerals and special characters in the order they appear in the data you want to search.
Use:
'A' in place of any character
'D' in place of a numeral
'L' in place of an alphabet letter
'S' in place of a special character
For example, to define a 7 character vehicle license plate number, you can specify:
'DLLLDDD'
- Match All –
- Enabled – Only the data that match fully with the information type are identified by the rule in which the pattern is used
- Disabled – Data that match partially with the information type are identified by the rule in which the pattern is used
You can narrow down the scope of search by specifying constant characters in place of variables, while adding the pattern to a discovery rule.
Click ‘Add’.
You can add only two pattern elements to a pattern. You can select the pattern when creating DLP discovery rule. See Create DLP Discovery Rules and add them to Profiles for more details.
Rules
The ‘rules’ tab shows the DLP rules that use the pattern.