Create a Custom Data Pattern

Learn how to create a new data pattern on SaaS Security API.
Learn how to create a new data pattern on SaaS Security API.
We are in the process of replacing SaaS Security DLP (Classic) with SaaS Security DLP. During this process, use the topic that matches your tenant. If you purchased SaaS Security with Enterprise DLP Add‑on, opted in for a trial of SaaS Security with Enterprise DLP Add–on, or have a new tenant with SaaS Security DLP, use Create Custom Data Patterns—SaaS Security DLP (Classic); otherwise, use Create Custom Data Patterns.

Create Custom Data Patterns—SaaS Security DLP (Classic)

SaaS Security API offers various data pattern types, and each type has unique advantages. Use a custom data pattern to build a data pattern from scratch.
Custom data patterns cannot be disabled. They can only be deleted.
Data patterns use a combination of content analysis techniques to identify the content and rate it with a low to high confidence score:
  • regular expressions
  • machine learning
  • proximity keywords
  • check sum
  1. Select
    Settings
    Data Patterns
    +Add New
    Add New Custom Data Pattern
    .
  2. Name the data pattern.
    1. Enter a
      Data Pattern Name
      for the data pattern.
    2. Enter a
      Short Label
      description for the data pattern that is 12 characters or less.
  3. Define the regular expression, including whether you want a
    Basic
    or
    Weighted
    regular expression.
  4. Select a
    Category
    to scan, then
    Save
    .
    If you select uncategorized category, SaaS Security API scans all assets in your sanctioned cloud apps to locate a match for the expressions, and such a scan takes longer to return results than if the service only scanned a specific category.
  5. Modify a policy rule or add a new asset rule to use the new data pattern as match criteria.

Create Custom Data Patterns

SaaS Security API enables you to create custom data patterns from scratch. Custom data patterns use a combination of content analysis techniques to identify and rate the content:
However, before you create a custom data pattern, consider alternatives that might save you time:
  • If there is a predefined data pattern that identifies all the content you desire, use it instead. SaaS Security API tuned and tested these predefined data patterns, so they’re efficient and accurate and include built-in logic . For example, if you want to search for social security numbers, use the US Social Security Number (SSN) predefined data pattern.
  • If there is a predefined data pattern that identifies the content you desire, but you need to filter out false positives, clone it, then add proximity keywords.
  • If there is an existing custom data pattern that identifies most of the content you desire, clone it, then modify the expression.
If these alternatives don’t meet your needs, create a custom data pattern instead.
SaaS Security with Enterprise DLP Add–on provides you exclusive access to predefined data patterns and data profiles. The SaaS Security web interface displays all predefined data patterns and data profiles irrespective of your having a SaaS Security with Enterprise DLP Add–on, and uses a lock icon to highlight data patterns and data profiles that require the license.
  1. Select
    Settings
    Data Patterns
    +Add New
    Custom Data Pattern
    .
  2. Name the data pattern.
    1. Enter a
      Data Pattern Name
      for the data pattern.
    2. Enter a
      Description
      for the data pattern.
  3. Define the regular expression, including whether you want a
    Basic
    or
    Weighted
    regular expression.
  4. Specify proximity keywords, then
    Save
    .
  5. (
    Optional
    ) Use the custom data pattern.
    1. The service automatically enables the new data pattern and only applies that data pattern to future scans.
    2. Add a new asset rule to use the new data pattern as match criteria.
      Alternatively, you can modify an existing policy rule.
    3. As SaaS Security API starts monitoring files and matching them against enabled policy rules, on the
      Dashboard
      to verify that your policy rules are effective. Monitoring the progress during the discovery phase enables you to modify your data patterns and match criteria to ensure better results.

Recommended For You