Data Breach Risk Scan - Data Ruleset
Rulesets are groups of regular expressions (regexs) that define a search pattern. In our regexs, we look for patterns of alpha-numeric strings with common keywords to identify data and specifically, Personally Identifiable Information (PII).
The Date Rulesets are selected for the Data Breach Risk Scan in Step 3 of the setup process.
By default, the scan is automatically populated with a range of Data Rulesets for example Credit Cards, International Bank Accounts, Date of Birth etc. designed to search for identifiable information on the device.
Additional Data Rulesets are added via the Add Ruleset button and we have included over 70 pre-defined Rulesets to include in your scan. In the Add Ruleset dialog Choose a pre-Defined Rule.
The Reset All Rules to Default option restores the Data Ruleset section to its original selection. Any added Rulesets are removed and Customized Rulesets are returned to their original values.
Selected Data Rulesets
To allow you to tailor a ruleset to precisely match your requirements we have included the option to create your own bespoke ruleset or customize an existing ruleset.
Add Custom Rule
To create a new Custom Rule, go to the Add Ruleset in Step 3 and choose Add Custom Rule.
In the returned form enter the Ruleset Name, we would suggest providing a meaningful name for easy identification, and choose a Validator to check whether discovered string format is correct from the drop down if required (for example Credit Card).
When creating a Ruleset, you can specify the File Rules. These are used to search files for strings that may be associated with the Rule and are used to identify the target data. Where the File Rule does not find a string match the Rules are not applied. Click Add against the File Rules section, enter the Regular Expression and done to apply, click Add again to add multiple File Rules.
An example of File Rules is a search for an International Bank Account number. The File Rules may search for strings like International Banking Account Number, International Bank Account No or IBAN and if these do not precede the bank account number (as specified in the Rules) then this data is ignored.
Rules contain the information to search for as part of the scan, for example a bank account number of other sensitive information. Click Add against the Rules section, enter a Name, the Regular Expression and done to apply, click Add again to add multiple Rules
Once finished editing the rule click Done to save.
Customize and Edit Rules
Where changes are required for a Data Ruleset these can be achieved by using either the Customize (pre-defined Ruleset) or Edit (custom Ruleset) button. Amend the settings as required and click Done to save.
Important: due to the potential complexity of building a regex pattern, we would suggest that only users with experience of regex attempt to modify or create Data Rulesets. Please note that unfortunately the Technical Support team are unable to support custom or customized regex Data Rulesets.