: View and Filter Data Pattern Match Results
Focus
Focus

View and Filter Data Pattern Match Results

Table of Contents

View and Filter Data Pattern Match Results

Learn how to filter the match results for data patterns and create an incident threshold on
Data Security
.
Learn how to filter the match results for data patterns and create an incident threshold on
Data Security
.
We are in the process of replacing SaaS Security DLP (Classic) with SaaS Security DLP. During this process, use the topic that matches your tenant. If you purchased SaaS Security with Enterprise DLP Add, opted in for trial of SaaS Security with Enterprise DLP, or have a new tenant with SaaS Security DLP, use Filter Data Pattern Results; otherwise, use Filter Data Pattern Results—SaaS Security DLP (Classic).

Filter Data Pattern Results—SaaS Security DLP (Classic)

When you Configure Data Patterns, you define the criteria that the policy rule uses when the DLP service scans for matches. The DLP service compares all the information it discovers against the enabled data pattern and identifies match occurrences. From the match results, you can focus on a match to filter and determine if the number of occurrences meets an incident threshold.
  1. Filter data pattern match results with occurrence match counting.
    WildFire and machine learning data patterns do not have occurrences to specify in Match Criteria.
    1. Select
      Explore
      Assets
      Content
      to configure occurrence match counting to view pattern match results and adjust the threshold.
    2. Select the content
      Category
      to view.
    3. Enter the numerical value in
      Occurrences
      in the selected category, and click
      Enter
      to view the filtered results.
    For basic data patterns, you can Assess Incidents and remediate the occurrences. For weighted data patterns, you can calculate the unique occurrence against the weight threshold to determine a score. See Configure Regular Expressions.

Filter Data Pattern Results

When you modify a policy rule or add a new asset rule, you define the criteria that the policy rule uses when
Data Security
scans for matches, including a predefined data pattern, custom data pattern, or new data profile. The service compares all the information it discovers against the enabled data pattern or data profile and identifies match occurrences. From the match results, you can focus on a match to filter and determine if the number of occurrences meets an incident threshold.
  1. Log in to SaaS Security. Go to
    Data Security
    Data Assets
    Data Profile (Filter)
    .
  2. Do one of the following:
    • Select or search for the
      Data Pattern
      to view. If a large number of assets displays, choose a
      High
      Confidence Level.
    • Select or search for the
      Data Profile
      to view.
    • (
      Optional
      ) Filter on
      Confidence Level
      to show or hide false positives as outlined in View Asset Snippets for Incidents.

Recommended For You