Modify a Predefined Data Pattern
Learn how to clone a data pattern.
Learn how to modify a data pattern.
We
are in the process of
replacing SaaS Security DLP (Classic) with SaaS
Security DLP. During this process, use the topic that matches
your tenant. If you purchased SaaS Security with Enterprise
DLP Add-on, opted in for a trial of SaaS
Security with Enterprise DLP Add–on, or have a new tenant with SaaS
Security DLP, or have a new tenant with SaaS Security
DLP, use Clone a Data Pattern; otherwise,
use Modify Predefined Data Patterns—SaaS Security DLP (Classic).
Modify Predefined Data Patterns—SaaS Security DLP (Classic)
SaaS Security API provides predefined data
patterns that automatically scan for matches against the default
rules for Data Loss Prevention (DLP) and Threat Prevention as soon
as you Add Cloud Apps to SaaS Security API.
You can edit the proximity keywords for any predefined data pattern
to narrow the match results, reduce false positives, and improve
accuracy.
- Select the predefined data pattern to edit.
- Select .
- Select a predefined data pattern byNamefrom the list.For easy identification, the predefined data patterns do not haveCustomin the title.
- Enter the new proximity keywords for the predefined data pattern and clickSave.
SaaS Security API immediately begins scanning and displays the match results in from this view, you can View and Filter Data Pattern Match Results.
Clone a Data Pattern
Although you cannot modify a predefined data
pattern, you can clone (exact copy) an existing data pattern. In
fact, you can clone any data pattern—specifically
a custom data pattern, predefined data pattern, and file type data
pattern.
A clone inherits the pattern of its
parent
data
pattern. For example, a predefined data pattern has a built-in expression.
This expression, therefore, is active and hidden in a clone of a
predefined data pattern, just as it is in the parent data pattern:
You can only
add proximity keywords; if, however, you want
to define a regular expression in addition to keywords, clone or create a custom
data pattern from scratch instead.This
paradigm enables you to do any of the following:
- Efficiently create new data patterns.
- Work with a variation of a data pattern for experimentation purposes. Simply use the clone as match criteria in your policies and disable the parent data pattern. Then, either revert to the existing baseline—the parent data pattern, or retain and enable the cloned data pattern.
- Select the data pattern to clone.
- Select .
- UseStateandTypefilters to search for the data pattern. All predefined data patterns are set to enabled by default.
- ClickClone Pattern.For easy identification, the service automatically populates theData Pattern Namewith aCopyprefix.
- Enter the proximity keywords, thenSave.
- (Optional) Use the cloned data pattern.
- Add a new asset rule to use the cloned data pattern as match criteria.Alternatively, you can modify an existing policy rule.
- Disable the parent data pattern the parent data pattern to reduce false positives.
- Enable the cloned data pattern.SaaS Security API immediately rescans and displays the match results.
