Create a Custom Data Profile
Learn how to create a data profile.
After you clone data patterns or create custom data patterns to represent the sensitive data your organization wants to detect and protect, you can use those data patterns to create a custom data profile. You can also use predefined data patterns to do the same, and the SaaS Security team recommends that you use predefined data patterns in your custom data profile for the advantages outlined in Data Patterns. Because predefined data profiles use predefined data patterns and pre-tested logic, the SaaS Security team recommends that you use the predefined data profiles, which you can modify. However, if the predefined data profiles do not meet your needs, create a custom data profile.
A data profile is a collection of data patterns joined together. To narrow down and find sensitive content is like crafting a recipe—you need to assemble the correct ingredients. Data patterns are the ingredients and a data profile is the recipe. You can work with the ingredients to create a recipe for content security.
Just as data patterns are match criteria for policy rules, so too are data profiles. Data profiles:
- Combine data patterns into a single query to filter at greater precision and efficiency than using individual data patterns.
- Exclude data patterns to fine-tune your search.
- Apply occurrence levels and confidence scoring to represent perceived risk.
- Make policy changes easier: with one change to a data profile, you can apply a new data pattern to multiple policies simultaneously. As the availability of predefined data patterns and custom data patterns grows, data profiles as management tools make your job easier.
- Navigate to.SettingsData DetectionData Profiles+Add NewCustom Data Profiles
- Name the data profile.Use a prefix naming convention that helps you distinguish between predefined data patterns.
- Select the data patterns, then use the expression builder to group them into a logical statement:
- Do one of the following:
- Basic—Provides basic Boolean operators, and you can only use one such operator in a single data profile:ANDto match on all conditions;ORto match on any condition. Drag and drop the data patterns to your workspace, select your operator, and specify your exclude or include logic.
- Advanced—IncludesNOToperators, in addition to basic operators, and bracket construct. Drag and drop the data patterns to your workspace to create a single threshold, then insert operators between the data patterns to construct your logic. Whereas SaaS Security API can handle both alerts and blocks in a single threshold, Prisma Access requires two thresholds—threshold 1 for alert mode and threshold 2 for block mode. Although, you can view within SaaS Security any Prisma Access data patterns that comprise two thresholds, SaaS Security API only evaluates threshold 2 for SaaS Security API.A data profile can include up to 50 data patterns.
- For each data pattern, modify theOccurrencecount andConfidencelevel.SaaS Security API provides a large number of predefined data patterns to include in a given data profile; therefore, your data set grows quickly. For optimal results:
Mediumconfidence level is for credit card number and voyager credit card patterns.The following example is a data profile with one threshold whereby the service displays a match if all three patterns in the first clause are present. The service doesn’t display a data pattern match if either of last two patterns aren’t present.
- Use theANYoperator sparingly.
- Use the default,High Confidencelevel.
- Pin the new data profile to yourDashboard.
- ClickSave.If you’re unable to save your new data profile and your logic uses a bracket construct, verify that you have both beginning and closing brackets. Otherwise, after you save, the service automatically enables your new data profile and immediately scans against existing data pattern matches. Optionally, you can rescan.
- As SaaS Security API starts monitoring files and matching them against enabled policy rules, on theDashboardto verify that your policy rules are effective. Monitoring the progress during the discovery phase enables you to modify your data profile and match criteria to ensure better results.If you’re happy with the results, you’re done!
Recommended For You
Recommended videos not found.