Predefined Data Patterns on Data Security
Table of Contents
Expand all | Collapse all
-
-
- What’s Data Security?
- Navigate To Data Security in Cloud Management Console
- Activate Data Security on the Hub
- Access Data Security for Standalone SaaS Security
-
- Allowed List of IP Addresses
-
- Begin Scanning an Amazon Web Services App
- Begin Scanning a Bitbucket Cloud App
- Begin Scanning a Box App
- Begin Scanning a Cisco Webex Teams App
- Begin Scanning a Citrix ShareFile App
- Begin Scanning a Confluence App
- Begin Scanning a Confluence Data Center App
- Begin Scanning a Dropbox App
- Begin Scanning a GitHub App
- Begin Scanning a GitHub V2 App
- Begin Scanning a Gmail App
- Begin Scanning a Google Cloud Storage App
- Begin Scanning a Google Drive App
- Begin Scanning a Jira Cloud App
- Begin Scanning a Jira Data Center App
- Begin Scanning a Microsoft Azure Storage App
- Begin Scanning a Microsoft Exchange App
- Begin Scanning Microsoft Office 365 Apps
- Begin Scanning a Microsoft Teams App
- Begin Scanning a Salesforce App
- Begin Scanning a ServiceNow App
- Begin Scanning a Slack for Enterprise Grid App
- Begin Scanning a Slack Enterprise App
- Begin Scanning a Slack for Pro and Business App
- Begin Scanning a Workday App (Beta)
- Begin Scanning a Yammer App
- Begin Scanning a Zendesk App
- Begin Scanning a Zoom App
- Reauthenticate to a Cloud App
- Verify Permissions on Cloud Apps
- Start Scanning a Cloud App
- Stop Scanning a Cloud App
- Rescan a Managed Cloud App
- Delete Cloud Apps Managed by Data Security
- API Throttling
- Configure Classification Labels
-
-
-
- SaaS Security with Enterprise DLP
- Predefined Data Patterns on Data Security
- Proximity Keywords
- Confidence Levels
- Shared Data Profiles and Data Patterns
- Modify a Predefined Data Pattern
- Create a Custom Data Profile
- Add a File Property Data Pattern
- Create a Custom Data Pattern
- Use Exact Data Matching (EDM)
- Enable or Disable a Machine Learning Data Pattern
- Configure WildFire Analysis
- Configure Regular Expressions
- Enable or Disable a Data Pattern
- View and Filter Data Pattern Match Results
-
-
-
- What is an Incident?
- Assess New Incidents on Data Security
- View Asset Details
- Filter Incidents
- Security Controls Incident Details
- Track Down Threats with WildFire Report
- Track Down Threats with AutoFocus
- Customize the Incident Categories
- Close Incidents
- Download Assets for Incidents
- View Asset Snippets for Incidents
- Analyze Inherited Exposure
- Email Asset Owners
- Modify Incident Status
-
- What is a Data Violation?
- Assess New Data Violations on Data Security
- Configure Data Violation Alerts on Data Security
- Filter Data Violations on Data Security
- View Asset Snippets for Data Violations on Data Security
- View Data Violation Metrics on Data Security
- Modify Data Violation Status on Data Security
-
-
-
-
- What’s SaaS Security Inline?
- Navigate To SaaS Security Inline
- SaaS Visibility for NGFW
- SaaS Visibility and Controls for NGFW
- SaaS Visibility for Prisma Access
- SaaS Visibility and Controls for Panorama Managed Prisma Access
- SaaS Visibility and Controls for Cloud Managed Prisma Access
- Activate SaaS Security Inline for NGFW
- Activate SaaS Security Inline for VM-Series Firewalls with Software NGFW Credits
- Activate SaaS Security Inline for Prisma Access
- Connect SaaS Security Inline and Cortex Data Lake
- Integrate with Azure Active Directory
-
-
- SaaS Policy Rule Recommendations
- App-ID Cloud Engine
- Guidelines for SaaS Policy Rule Recommendations
- Predefined SaaS Policy Rule Recommendations
- Apply Predefined SaaS Policy Rule Recommendations
- Create SaaS Policy Rule Recommendations
- Delete SaaS Policy Rule Recommendations
- Enable SaaS Policy Rule Recommendations
- Modify Active SaaS Policy Rule Recommendations
- Monitor SaaS Policy Rule Recommendations
-
- Enable Automatic Updates for SaaS Policy Rule Recommendations on Cloud Managed Prisma Access
- Import New SaaS Policy Rule Recommendations on Cloud Managed Prisma Access
- Update Imported SaaS Policy Rule Recommendations on Cloud Managed Prisma Access
- Remove Deleted SaaS Policy Rule Recommendations on Cloud Managed Prisma Access
- Manage Enforcement of Rule Recommendations on NGFW
- Manage Enforcement of Rule Recommendations on Panorama Managed Prisma Access
- Change Risk Score for Discovered SaaS Apps
-
-
-
-
- Onboarding Overview for Supported SaaS Apps
- Onboard an Aha.io App to SSPM
- Onboard an Alteryx Designer Cloud App to SSPM
- Onboard an Aptible App to SSPM
- Onboard an ArcGIS App to SSPM
- Onboard an Articulate Global App to SSPM
- Onboard an Atlassian App to SSPM
- Onboard a BambooHR App to SSPM
- Onboard a Basecamp App to SSPM
- Onboard a Bitbucket App to SSPM
- Onboard a BlueJeans App to SSPM
- Onboard a Box App to SSPM
- Onboard a Bright Security App to SSPM
- Onboard a Celonis App to SSPM
- Onboard a Cisco Meraki App to SSPM
- Onboard a ClickUp App to SSPM
- Onboard a Confluence App to SSPM
- Onboard a Contentful App to SSPM
- Onboard a Convo App to SSPM
- Onboard a Couchbase App to SSPM
- Onboard a Coveo App to SSPM
- Onboard a Crowdin Enterprise App to SSPM
- Onboard a Customer.io App to SSPM
- Onboard a Databricks App to SSPM
- Onboard a Datadog App to SSPM
- Onboard a DocHub App to SSPM
- Onboard a DocuSign App to SSPM
- Onboard a Dropbox Business App to SSPM
- Onboard an Envoy App to SSPM
- Onboard an Expiration Reminder App to SSPM
- Onboard a Gainsight PX App to SSPM
- Onboard a GitHub Enterprise App to SSPM
- Onboard a GitLab App to SSPM
- Onboard a Google Analytics App to SSPM
- Onboard a Google Workspace App to SSPM
- Onboard a GoTo Meeting App to SSPM
- Onboard a Grammarly App to SSPM
- Onboard a Harness App to SSPM
- Onboard a Hellonext App to SSPM
- Onboard an IDrive App to SSPM
- Onboard an Intercom App to SSPM
- Onboard a Jira App to SSPM
- Onboard a Kanbanize App to SSPM
- Onboard a Kanban Tool App to SSPM
- Onboard a Kustomer App to SSPM
- Onboard a Lokalise App to SSPM
- Onboard a Microsoft Azure AD App to SSPM
- Onboard a Microsoft Exchange App to SSPM
- Onboard a Microsoft OneDrive App to SSPM
- Onboard a Microsoft Outlook App to SSPM
- Onboard a Microsoft Power BI App to SSPM
- Onboard a Microsoft SharePoint App to SSPM
- Onboard a Microsoft Teams App to SSPM
- Onboard a Miro App to SSPM
- Onboard a monday.com App to SSPM
- Onboard a MongoDB Atlas App to SSPM
- Onboard a MuleSoft App to SSPM
- Onboard a Mural App to SSPM
- Onboard an Office 365 App to SSPM
- Onboard Office 365 Productivity Apps to SSPM
- Onboard an Okta App to SSPM
- Onboard a PagerDuty App to SSPM
- Onboard a RingCentral App to SSPM
- Onboard a Salesforce App to SSPM
- Onboard an SAP Ariba App to SSPM
- Onboard a ServiceNow App to SSPM
- Onboard a Slack Enterprise App to SSPM
- Onboard a Snowflake App to SSPM
- Onboard a SparkPost App to SSPM
- Onboard a Tableau Cloud App to SSPM
- Onboard a Webex App to SSPM
- Onboard a Workday App to SSPM
- Onboard a Wrike App to SSPM
- Onboard a YouTrack App to SSPM
- Onboard a Zendesk App to SSPM
- Onboard a Zoom App to SSPM
- Onboarding an App Using Azure AD Credentials
- Onboarding an App Using Okta Credentials
- Delete SaaS Apps Managed by SSPM
Predefined Data Patterns on Data Security
Data Security
Learn about how
Data Security
categorizes predefined
data patterns.Use one of the following topics:
See About Enterprise DLP if you have purchased
Enterprise DLP or opted in for a trial.
Data Security Data Patterns—SaaS Security DLP (Classic)
Data Security
Data Patterns—SaaS Security DLP (Classic)Data Security
provides predefined data patterns
that enable you to discover sensitive content and uncover how that
content is being shared or accessed in your managed cloud applications.
The service automatically scans your cloud applications when you Add Cloud Apps to Data Security using
predefined data patterns, classifies all documents, and checks hash
on all Microsoft Office documents, PDF, and portable executable
files against WildFire rules without requiring you to create any
policies. As the service displays incidents that match the predefined data
patterns, you can explore and filter the results to determine if
the content that the service reported poses a risk to your organization.
Then, you can do any of the following to prevent future violations:
Data Security
categorizes predefined data patterns as follows:Content Category | Scans for |
---|---|
Intellectual Property | Scans files for RSA and AWS secret keys and
confidential documents that are at risk of being stored or shared
in a way that could result in a loss of intellectual property. You
can specify File Extensions to Exclude . Excluding files
that are unlikely to have intellectual property information that
is public and not at risk of being exposed or shared in non-compliant
ways helps minimize false positives. |
Personally Identifiable Information (PII) | Scans for PII data, such as U.S., Canadian,
and international social security numbers. It also scans for Tax
IDs from the U.S., Australia, Canada, Germany, and the UK for both
the Unique Tax Payer ID, (UTR) and National Insurance Number (NINO) formats. For
each type of PII that Data Security scans for, you can specify
the minimum number of occurrences required to trigger a match. As
the number of violations for a specific asset exceeds the specified
threshold, the severity of the risk increases. |
Financial Information | Scans for financial data including credit card
numbers, credit card magnetic stripe data, international bank account
numbers, financial accounting, bank statements, personal finance, invoices,
and other financial documents. By default, Data Security performs
strict checking on credit card numbers to reduce false positives. |
Healthcare Information | Scans healthcare documents for exposure
to sensitive or confidential information, related to Clinical Laboratory Improvement
Amendments (CLIA) number, Drug Enforcement Administration (DEA) number,
and other healthcare documents. Data Security uses machine
learning algorithms to classify information and to detect sensitive
information. |
Legal Information | Scans legal documents for exposure to sensitive
or confidential information related to bankruptcy filings, lawsuits,
business agreements, mergers and acquisition information, patents,
and other legal documents. Data Security uses machine
learning algorithms to classify information and to detect sensitive
information. |
Malware | Scans files using WildFire Analysis to detect
and protect against malicious portable executables (PEs), Microsoft
Office Files, Adobe Portable Document Format (PDF) files, and known
threats based on file hash. A hash is a unique fingerprint
of a file. It is string of letters and digits that is generated as
a result of running a file through a cryptographic hash function. By
default, Data Security automatically submits portable executable
files to the WildFire service for analysis (Windows executables ). |
Data Security Data Profiles
Data Security
Data ProfilesData Security
provides predefined data profiles,
which include predefined data patterns, that enable you to discover
sensitive content and how that content is being shared or accessed
in your managed cloud applications. Predefined data patterns use
either machine learning or regex based detection for scanned files.
The service automatically scans your cloud applications when you Add Cloud Apps to Data Security using
predefined data patterns, classifies all documents, and checks hash
on all Microsoft Office documents, PDF, and portable executable
files against WildFire rules without requiring you to create any
policies.The predefined data
patterns and data profiles that come with DLP (Data Loss Prevention) work
automatically: you don't enable, configure, or create data policies
to use them, unless you want to open incidents. After your end users
upload files that include social security numbers or credit card
numbers, for example, and
Data Security
scans theses assets,
Data Security
evaluates, identifies, then exposes those assets.
These tools are built into Data Security
—they’re automatically
provisioned and protect your data.- SaaS Security with Enterprise DLP—SaaS Security regularly releases new data patterns and data profiles. Although the screen shots that include a data profile or data pattern count might not be up to date, the comparison table includes an accurate count.
- SaaS Security DLP—Screen shots that include a data profile or data pattern count might not be up to date. SaaS Security regularly releases new data patterns and data profiles. See the comparison table for current information.
SaaS Security with Enterprise DLP provides
you exclusive access to predefined data patterns and data profiles.
SaaS Security web interface displays all predefined data patterns and
data profiles irrespective of your having SaaS Security with Enterprise
DLP, and uses a lock icon to highlight data patterns and data profiles
that require the license.
As the service displays incidents that match the predefined data
patterns, you can explore and filter the results to determine if
the content that the service reported poses a risk to your organization.
Then, you can do any of the following to prevent future violations:
Data Security
categorizes predefined data patterns as follows:Predefined Data Profile Name | SaaS Security with Enterprise DLP Required? | Description |
---|---|---|
Bulk CCN | Yes | Detects and scans for Credit card numbers
or Voyager credit card numbers more than or equal to 100. |
CCPA (California Consumer Privacy Act) | Yes | Scans for Bank - American Bankers Association Routing
Number, Bank - International Bank Account Number, Driver License
- US, Address - US, Tax Id - US - TIN, Credit Card Number, Magnetic
Stripe Information, Passport - US, Address - US, National Id - US
Social Security Number - SSN. |
Commonwealth of Australia - The Privacy Act
1988 | Yes | Detects medical conditions or diseases,
and lifestyle keywords that relate to medical conditions when found with
PII data such as TFN and Passport. |
Corporate Financial Docs | Yes | Detects Financial accounting and generic financial
information. |
Financial Information | No | Scans for Bank statements, bank routing number,
credit card numbers (strict checking), bankruptcy filing, international
bank account number, invoices, magnetic stripe information, and
Committee on Uniform Securities identification procedure number. |
GDPR (General Data Protection Regulation) | Yes | Scans for GDPR- Driver's License, Tax ID,
National ID, and Passport. |
GLBA (Gramm-Leach-Bliley Act) | Yes | Scans for Credit card number, Voyager credit
card, magnetic stripe information, Tax Id - US - TIN, and National Id
- US Social Security Number - SSN. |
Healthcare | No | Detects Clinical Laboratory Improvement Amendments
(CLIA) number, Drug Enforcement Administration (DEA) number, and
other healthcare documents. |
HIPAA | Yes | Scans for National Id - US, Social Security
Number - SSN, US - Name, Date of Birth, Medical Condition, Address
- US. Identifies medical conditions or diseases, impairments
listed under social security for the purposes of disability evaluation,
and lifestyle keywords that relate to medical conditions. |
Intellectual Property | Yes | Detects content that includes Source code,
AWS secret key, access key, and company confidential. |
Legal | Yes | Detects Legal documents, including lawsuits, M&A,
standard business agreements, patents, and bankruptcy filings. |
Malware | No | Detects malware in Microsoft Office documents, PDF,
and portable executable files, and known threats against WildFire.
The verdict is based on a hash, which is a unique fingerprint of
a file. |
PHI (Personal Health Information) | No | Detects content that includes Medical codes:
ICD-9, ICD-10, NPI codes, Clinical Laboratory Improvement Amendments
(CLIA) number, Drug Enforcement Administration (DEA) number, and
more. |
PHIPA | Yes | Identifies medical conditions or diseases
and lifestyle keywords that relate to medical conditions. Detects
if Healthcare ID is present with other medical or PII data. |
PIPEDA | Yes | Detects highly sensitive information such
as SIN, Passport, CCN exist with other PII or PCI. |
PII (Personally-Identifiable Information) | Yes | Detects content that includes Tax ID, National
ID, Passport, Driver’s License, and License plate numbers. |
Profanity | Yes | Detects censored, blasphemous, personal, homophobic,
racial, and sexual content. |
Secrets
and Credentials | No | Detects content that includes Cloud database credentials,
Application credentials, API access tokens, Private keys, and miscellaneous
secret keys. |
Self Harm | Yes | Detects Self Harm - Suicidal content |
Sensitive content | Yes | Detects content that includes National ID,
Bank information, AWS Secret key or access key, company confidential,
CCN. |
SOX | Yes | Identifies financial content such as invoice, personal
finance, financial accounting. |
U.K. PIOCP | No | Detects content that includes Tax ID or
National ID. |