Creating and managing custom sensitivity rules

Required license: Enterprise

Required global permission: Create and manage sensitivity rules

Not available on Structural Cloud

By default, when you run a Structural security scan on a workspace, it looks for the built-in sensitivity types.

You can also define custom sensitivity rules to identify other values and the corresponding recommended generator. Your data might include values that are specific to your organization.

Each custom sensitivity rule specifies:

  • The data type for matching columns

  • Text matching criteria for the names of matching columns

  • The recommended generator preset

Displaying the list of custom sensitivity rules

To display the current list of sensitivity rules, in the Tonic navigation menu, click Sensitivity Rules.

For each rule, the list includes:

  • The rule name and description

  • The recommended generator preset

  • When the rule was most recently modified

Filtering the rules

You can filter the rule list by the following:

  • Rule name

  • Rule description

  • Generator preset name

  • Name of the user who most recently updated the rule

In the filter field, start to type text from any of those values. As you type, the list is filtered to only include matching rules.

Note that when the list is filtered, you cannot change the display sequence of the rules.

Setting the rule sequence

Structural applies the rules based on their display order in the list.

If a column matches more than one rule, Structural applies the first matching rule.

To change the display order of a rule, drag and drop it to the new location in the list.

Note that you cannot change the rule sequence when the list is filtered.

Creating and editing a sensitivity rule

Creating a sensitivity rule

To create a sensitivity rule:

  1. On the Sensitivity Rules view, click New Custom Rule.

  2. On the Create Custom Rule panel, configure the new rule.

  3. Click Save.

Editing a sensitivity rule

To change the configuration of a sensitivity rule:

  1. On the Sensitivity Rules view, click the edit icon for the rule.

  2. On the Edit Custom Rule panel, update the configuration.

  3. Click Save.

Note that any changes to a sensitivity rule do not take effect until the next sensitivity scan.

Sensitivity rule configuration

Rule name and description

In the Name field, type the name of the sensitivity rule. The rule name becomes the sensitivity type for matching columns. The rule name must be unique, and also cannot match the name of a built-in sensitivity type.

Optionally, in the Description field, type a longer description of the sensitivity rule.

Data type

From the Data Type dropdown list, select the data type for matching columns. For example, a rule might only be used for columns that contain text.

The available data types are general types that will map to specific data types in a given database. The available types are:

  • Array

  • Binary

  • Boolean

  • Continuous Numerical

  • Date Range

  • Datetime

  • Integer

  • JSON

  • MAC Address

  • Network Address

  • Text

  • UUID

  • XML

Column name criteria

Under Column Name Match, provide the criteria to identify matching columns based on the column name.

Note that a matching column must match the data type and the column name criteria.

Configuring text matching conditions

When you provide a list of text matching conditions, a matching column must match all of the conditions. In other words, the conditions are joined by AND.

To apply the same generator preset to columns that have completely different names, you must create separate sensitivity rules.

To create a list of text matching conditions:

  1. Click Text Match.

  2. To add a column name condition, click Add String Match.

  3. For each condition:

    1. From the comparison type dropdown list, select the type of comparison. For example, Contains, Starts with, Ends with.

    2. In the comparison text field, provide the text to check for. Note that the comparison text is case sensitive. For example, if you set a condition to match column names that contain the text term, it does not match a column name that contains TERM or Term. It only matches term.

  4. To remove a column name condition, click its delete icon.

Providing a regular expression

To use a regular expression to identify matching columns based on the column name:

  1. Click Regular Expression.

  2. In the field, provide the regular expression.

Generator preset to apply

From the Recommended Generator Preset dropdown list, select the generator preset that is the recommended generator for matching columns.

To search for a specific preset, begin to type the generator preset name.

Deleting a sensitivity rule

To delete a sensitivity rule, on the Sensitivity Rules view, click the delete icon for the rule.

Note that existing generator recommendations for the rule remain in place until the next sensitivity scan.

Last updated