Data Patterns

Learn about the types of data patterns available on SaaS Security API—predefined, custom, and file property.
Learn about the three types of data patterns available on SaaS Security API—predefined, custom, and file property.
We are in the process of replacing SaaS Security DLP (Classic) with SaaS Security DLP. During this process, use the topic that matches your tenant. If you purchased SaaS Security with Enterprise DLP Add‑on, opted in for a trial of SaaS Security with Enterprise DLP Add–on, or have a new tenant with SaaS Security DLP, use Configure Data Patterns; otherwise, use Configure Data Patterns—SaaS Security DLP (Classic).

Configure Data Patterns—SaaS Security DLP (Classic)

SaaS Security API offers the following data pattern types:
  • data patterns—the service automatically activates after a scan to match on keywords, which you can modify, and pre-tested strings.
    SaaS Security API includes several predefined data patterns that automatically begin scanning content and detecting incidents as soon as you Add Cloud Apps to SaaS Security API. Predefined data patterns are grouped into six categories by content type:
  • data patterns—you create from scratch to match on keywords and strings of text, such as particular characters, words, or patterns of characters and make it possible to find all instances of text that match a certain pattern, or return a value if the pattern is not found.
  • data patterns—you create from scratch to match on file metadata.
    If you assign classification tags or labels as metadata to files, with the file property data pattern you can specify any custom or extended file property as a name-value pair to match in policy rules.
After you’re familiar with the predefined data patterns and how they work, you can modify the predefined data patterns as desired or define your own new data pattern. You can then view and filter incidents to determine if the matched content to your configured data patterns poses a risk to your organization.

Configure Data Patterns

One of the main problems SaaS Security API helps you with is data loss prevention (DLP): SaaS Security API uses data patterns to detect sensitive content stored in your cloud apps.
At minimum,
all
data patterns use one of two detection techniques: basic regular expression or weighted regular expression. The SaaS Security web interface enables you to add keywords too. In addition to these techniques, SaaS Security API predefined data patterns use advanced techniques.
SaaS Security API offers the following data patterns types and subtype, and each uses a different combination of content analysis techniques to identify and rate the content:
  • data patterns (data pattern type)—the service automatically activates a subset of default data patterns after a scan to match on keywords and pre-tested and built-in regular expressions. When you view a predefined data pattern, this expression is hidden, yet active. These data patterns use industry standard data identifiers. Additionally, these data patterns sometimes include additional, built-in logic in the form of machine learning and checksum for legal and financial data patterns.
    SaaS Security API includes several predefined data patterns that automatically begin scanning content and detecting incidents as soon as you Add Cloud Apps to SaaS Security API.
  • data patterns (data pattern type)—you create from scratch using regular expressions and keywords. Because these data patterns are developed from a blank canvas, they don’t include built-in logic, unlike predefined data patterns.
  • data patterns (data pattern subtype)—you create from scratch to match on a name-value pair. The match looks for metadata or attributes in the file's custom or extended properties. These data patterns use a blank canvas because your metadata is unique to your assets.
    This data pattern subtype is available within custom data patterns and predefined data patterns.
After you’re familiar with the data patterns and how they work, you can create your own new data pattern instead or clonethe data patterns. You can then view and filter incidents to determine if the matched content to your configured data patterns poses a risk to your organization.

Recommended For You