Skip to content

Rules

You can create custom rules and manage them along with system-provided rules. Discovery uses these rules for applying classifications by executing the conditions in each rule. The output tag associated with the processed rule is applied to the resource as the final tag.

The generation of tags depends on the order of the rules. See Processing Order of Scan Techniques and Reorder Structured Rules.

Types of Rules#

The following types of rules can be created on the Rules tab:

  • Structured

  • Unstructured

  • Post-processing

You can also create rule mappings.

Example of Rules and Classifications#

Based on the tags found in a structured or unstructured rule or a table in various columns, we can assign a tag to the file or the table. This is an AND conditions of output tags. For example, you can set multiple rules as follows:

  1. If a file has PERSON_NAME AND EMAIL AND SSN, tag as PII.

  2. If a file has USER_ID AND GEO, tag as SENSITIVE.

  3. If a file has USER_ID AND IP, tag as SENSITIVE.

Structured Rule#

You can filter the list of structured rules using the search rule option.

To create a structured rule:

  1. On the Privacera home page, on the left, expand the Discovery menu and click Rules.

  2. Click Structured and then click + Create Rule.

    The Create Rule dialog is displayed.

  3. Enter the following details:

    • Name (required): Name of the rule.
    • Description: Description of the rule.
    • Must Have (required): This field populates the list of Dictionaries, Patterns, and Model. You can select the value(s) which needs to be added under Must Have field.
    • Must Not Have: This field populates the list of Dictionaries, Patterns, and Model. You can select the value(s) which needs to be added under Must Not Have field.
    • Score Type: Score type.
      • Auto: If the rule is applied, the resource is classified as System.
      • Review: if the rule is applied, the resource is classified as Pending Review.
    • Tags (required): The tags associated with the rule.
    • Key For Samples (required): The keys from the objects in the Must Have drop-down.
    • Enable: The rule is enabled or disabled.
    • Actions: Edit or delete the rule.
    • Rule preview: Displays a preview of the rule.
  4. Click Save.

The structured rule is created.

Reorder Structured Rules#

Rule order decides the priority of the rules applied during classification.

To reorder rules:

  1. Click Reorder.
  2. Rearrange the rules into the desired sequence by dragging and dropping them up or down.
  3. Click Save Order.

Unstructured Rules#

You can filter the list of unstructured rules using the search rule option. 

To create an unstructured rule:

  1. On the Privacera home page, expand the Discovery menu and click Rules from left menu.

  2. Click Unstructured and then click + Create Rule.

    The Create Rule dialog is displayed.

  3. Enter the following details:

    • Rule Name: Name of the rule.

    • Description: Description of the rule.

    • Must Have: A list of Dictionaries, Patterns, and Model. You can select the values to add.

    • Must Not Have: A list of Dictionaries, Patterns, and Model. You can select the values to add.

    • Word Proximity: Name of a pattern to identify sensitive information within the specified number of words.

    • Key order strict: Whether key order is strictly followed.

    • Enable: The rule is enabled or disabled.

    • Actions: Edit or delete the rule.

    • Rule preview: Displays a preview of the rule.

  4. Click Save.

The unstructured rule is created.

Rule Mapping#

You can filter the list of rule mappings using the search rule option.

To create a rule mapping:

  1. On the Privacera home page, expand the Discovery menu and click Rules from left menu.

  2. Click Rule Mapping and then click + Add Mapping.

The Add Keytag mapping dialog is displayed.

You can add multiple keys and tags on by clicking the + sign.

  1. Select the following details:

    • Key Name: Key name of the rule.

    • Tag Name: Tag name of the rule.

    • Actions: Edit or delete the rule mapping.

  2. Click Save.

The rule mapping is created.

Export Rules and Mappings#

To export the rule file in JSON format for structured rule:

  1. On the Privacera home page, on the left, expand the Discovery menu and click Rules.

  2. Click Export.

The rule file is exported.

Import Rules and Rule Mapping#

To import a JSON-format rule file for structured rule:

  1. On the Privacera home page, on the left, expand the Discovery menu and click Rules.

  2. Click Import.

    The Import dialog is displayed.

  3. Browse and select the JSON file.

    • Clean Previous: Deletes all existing rules are deleted during import.
  4. Click Save.

The rule file is imported.

Post-processing in Realtime and Offline Scans#

With post-processing, the data is scanned and then the rules are applied on the tagged data in multiple passes. Post-processing can be used with both real time and offline scans. Based on the output tags of the rules applied after the initial scan, with post-processing you can add additional tags on the parent or child data resources.

Post-processing rules should be applied after datazone and tag propagation is done.

For example, after the initial scan of a structured or unstructured file or columns within a  table, Discovery will identify the data and classify them with tags based on the rules. After the initial scan has tagged various columns within a table or a file, you can use post-processing rules to assign additional tags to the file or the parent table.

To enable the post-processing option:

  1. Navigate to Setting > System Configuration.
  2. Search for the property privacera.portal.rules.post_process.enable=false (default false).
  3. Set the property to true.

Example of Post-processing Rules on Tags#

  1. On the Privacera Portal, on the left, select Rules.

  2. On the Rules page, select Post-Processing.

  3. Create a new rule with the following condition:

    If PERSON_NAME and SSN are found, apply the SENSITIVE tag.

  4. Rescan the file to apply the post-processing rules.

You can see the fields are now classified as ‘SENSITIVE’ and the tag is applied in the unformatted view.

List of Structured Rules#

The following is a list of the Privacera-supplied structured rules. The name of a pattern in general describes the purpose of the pattern. For precise details, look at the pattern itself in the Platform UI.

  • Australia Bank Account Number
  • Australia Bank BSB code
  • Australia Driver License
  • IBAN Rule
  • rule_auto_1P
  • rule_auto_2P
  • rule_auto_3P
  • rule_auto_4P
  • rule_auto_5M
  • rule_auto_6M
  • rule_auto_7M
  • rule_auto_8M
  • rule_auto_9M
  • rule_biometric
  • rule_biometric_keyword
  • rule_cc
  • rule_city_name
  • rule_criminal_keyword
  • rule_dob
  • rule_email
  • rule_ethnicity_keyword
  • rule_gps
  • rule_gps_6_digit
  • rule_medical_keyword
  • rule_national_id
  • rule_password
  • rule_person_name
  • rule_phonenumber
  • rule_pii_id_keyword
  • rule_political_keyword
  • rule_religion_keyword
  • rule_sexual_orientation_keyword
  • rule_ssn_4_digit
  • rule_ssn_9_digit
  • rule_ssn_strict
  • rule_ssn_strict_fallback
  • rule_state_name
  • rule_street_address
  • rule_tax_id_9_digit
  • rule_tax_id_strict
  • rule_trade_union_keyword
  • Rule US ABA Routing Number
  • Rule US ABA Routing Number 2
  • rule_us_dlicense_keyword
  • rule_us_zip
  • rule_viewership_keyword
  • rule_web_keyword
  • SWIFT BIC Bank ID rule
  • SWIFT BIC Bank ID Rule 2
  • UK Driver License Rule
  • UK Electoral Roll number
  • UK NHS Rule
  • UK NHS Rule 2
  • UK NINO Rule
  • UK NINO RULE 2
  • UK Phone Number Rule
  • UK Postal Code
  • UK Postal Town
  • UK US Passport

Last update: October 6, 2021