Predefined Data Patterns on SaaS Security API
Learn about how SaaS Security API categorizes predefined
data patterns.
Use one of the following topics:
We are in the process of
replacing SaaS Security DLP (Classic) with SaaS
Security DLP. During this process, use the topic that matches
your tenant. If you purchased SaaS Security with Enterprise
DLP, opted in for a trial of SaaS
Security with Enterprise DLP, or have a new tenant with SaaS
Security DLP, use SaaS Security API Data Profiles; otherwise,
use SaaS Security API Data Patterns—SaaS Security DLP (Classic).
SaaS Security API Data Patterns—SaaS Security DLP (Classic)
SaaS Security API provides predefined data patterns
that enable you to discover sensitive content and uncover how that
content is being shared or accessed in your managed cloud applications.
The service automatically scans your cloud applications when you Add Cloud Apps to SaaS Security API using
predefined data patterns, classifies all documents, and checks hash
on all Microsoft Office documents, PDF, and portable executable
files against WildFire rules without requiring you to create any
policies.
As the service displays incidents that match the predefined data
patterns, you can explore and filter the results to determine if
the content that the service reported poses a risk to your organization.
Then, you can do any of the following to prevent future violations:
SaaS Security API categorizes predefined data patterns as follows:
Content Category | Scans for |
|---|---|
Intellectual Property 
| Scans files for RSA and AWS secret keys and
confidential documents that are at risk of being stored or shared
in a way that could result in a loss of intellectual property. You
can specify File Extensions to Exclude . Excluding files
that are unlikely to have intellectual property information that
is public and not at risk of being exposed or shared in non-compliant
ways helps minimize false positives. |
Personally Identifiable Information (PII) 
| Scans for PII data, such as U.S., Canadian,
and international social security numbers. It also scans for Tax
IDs from the U.S., Australia, Canada, Germany, and the UK for both
the Unique Tax Payer ID, (UTR) and National Insurance Number (NINO) formats. For
each type of PII that SaaS Security API scans for, you can specify
the minimum number of occurrences required to trigger a match. As
the number of violations for a specific asset exceeds the specified
threshold, the severity of the risk increases. |
Financial Information 
| Scans for financial data including credit card
numbers, credit card magnetic stripe data, international bank account
numbers, financial accounting, bank statements, personal finance, invoices,
and other financial documents. By default, SaaS Security API performs
strict checking on credit card numbers to reduce false positives. |
Healthcare Information 
| Scans healthcare documents for exposure
to sensitive or confidential information, related to Clinical Laboratory Improvement
Amendments (CLIA) number, Drug Enforcement Administration (DEA) number,
and other healthcare documents. SaaS Security API uses machine
learning algorithms to classify information and to detect sensitive
information. |
Legal Information 
| Scans legal documents for exposure to sensitive
or confidential information related to bankruptcy filings, lawsuits,
business agreements, mergers and acquisition information, patents,
and other legal documents. SaaS Security API uses machine
learning algorithms to classify information and to detect sensitive
information. |
Malware 
| Scans files using WildFire Analysis to detect
and protect against malicious portable executables (PEs), Microsoft
Office Files, Adobe Portable Document Format (PDF) files, and known
threats based on file hash. A hash is a unique fingerprint
of a file. It is string of letters and digits that is generated as
a result of running a file through a cryptographic hash function. By
default, SaaS Security API automatically submits portable executable
files to the WildFire service for analysis ( Windows executables ). |
SaaS Security API Data Profiles
SaaS Security API provides predefined data profiles,
which include predefined data patterns, that enable you to discover
sensitive content and how that content is being shared or accessed
in your managed cloud applications. Predefined data patterns use
either machine learning or regex based detection for scanned files.
The service automatically scans your cloud applications when you Add Cloud Apps to SaaS Security API using
predefined data patterns, classifies all documents, and checks hash
on all Microsoft Office documents, PDF, and portable executable
files against WildFire rules without requiring you to create any
policies.
The predefined data
patterns and data profiles that come with DLP (Data Loss Prevention)
work automatically: you don't enable, configure, or create data
policies to use them, unless you want to open incidents. After your
end users upload files that include social security numbers or credit
card numbers, for example, and SaaS Security API scans theses assets,
SaaS Security API evaluates, identifies, then exposes those assets.
These tools are built into SaaS Security API—they’re automatically
provisioned and protect your data.
- SaaS Security with Enterprise DLP—Screen shots that include a data profile or data pattern count might not be up to date. SaaS Security regularly releases new data patterns and data profiles. See the comparison table for current information.
- SaaS Security DLP—Screen shots that include a data profile or data pattern count might not be up to date. SaaS Security regularly releases new data patterns and data profiles. See the comparison table for current information.
SaaS Security with Enterprise DLP provides
you exclusive access to predefined data patterns and data profiles.
SaaS Security web interface displays all predefined data patterns
and data profiles irrespective of your having SaaS Security with
Enterprise DLP, and uses a lock icon to highlight data patterns
and data profiles that require the license.
As the service displays incidents that match the predefined data
patterns, you can explore and filter the results to determine if
the content that the service reported poses a risk to your organization.
Then, you can do any of the following to prevent future violations:
SaaS Security API categorizes predefined data patterns as follows:
Predefined Data Profile Name | SaaS Security with Enterprise DLP Required? | Description |
|---|---|---|
Bulk CCN | Yes | Detects and scans for Credit card numbers
or Voyager credit card numbers more than or equal to 100. |
CCPA (California Consumer Privacy Act) | Yes | Scans for Bank - American Bankers Association Routing
Number, Bank - International Bank Account Number, Driver License
- US, Address - US, Tax Id - US - TIN, Credit Card Number, Magnetic
Stripe Information, Passport - US, Address - US, National Id - US
Social Security Number - SSN. |
Commonwealth of Australia - The Privacy Act
1988 | Yes | Detects medical conditions or diseases,
and lifestyle keywords that relate to medical conditions when found with
PII data such as TFN and Passport. |
Corporate Financial Docs | Yes | Detects Financial accounting and generic financial
information. |
Financial Information | No | Scans for Bank statements, bank routing number,
credit card numbers (strict checking), bankruptcy filing, international
bank account number, invoices, magnetic stripe information, and
Committee on Uniform Securities identification procedure number. |
GDPR (General Data Protection Regulation) | Yes | Scans for GDPR- Driver's License, Tax ID,
National ID, and Passport. |
GLBA (Gramm-Leach-Bliley Act) | Yes | Scans for Credit card number, Voyager credit
card, magnetic stripe information, Tax Id - US - TIN, and National Id
- US Social Security Number - SSN. |
Healthcare | No | Detects Clinical Laboratory Improvement Amendments
(CLIA) number, Drug Enforcement Administration (DEA) number, and
other healthcare documents. |
HIPAA | Yes | Scans for National Id - US, Social Security
Number - SSN, US - Name, Date of Birth, Medical Condition, Address
- US. Identifies medical conditions or diseases, impairments
listed under social security for the purposes of disability evaluation,
and lifestyle keywords that relate to medical conditions. |
Intellectual Property | Yes | Detects content that includes Source code,
AWS secret key, access key, and company confidential. |
Legal | Yes | Detects Legal documents, including lawsuits, M&A,
standard business agreements, patents, and bankruptcy filings. |
Malware | No | Detects malware in Microsoft Office documents, PDF,
and portable executable files, and known threats against WildFire.
The verdict is based on a hash, which is a unique fingerprint of
a file. |
PHI (Personal Health Information) | No | Detects content that includes Medical codes:
ICD-9, ICD-10, NPI codes, Clinical Laboratory Improvement Amendments
(CLIA) number, Drug Enforcement Administration (DEA) number, and
more. |
PHIPA | Yes | Identifies medical conditions or diseases
and lifestyle keywords that relate to medical conditions. Detects
if Healthcare ID is present with other medical or PII data. |
PIPEDA | Yes | Detects highly sensitive information such
as SIN, Passport, CCN exist with other PII or PCI. |
PII (Personally-Identifiable Information) | Yes | Detects content that includes Tax ID, National
ID, Passport, Driver’s License, and License plate numbers. |
Profanity | Yes | Detects censored, blasphemous, personal, homophobic,
racial, and sexual content. |
Secrets
and Credentials | No | Detects content that includes Cloud database credentials,
Application credentials, API access tokens, Private keys, and miscellaneous
secret keys. |
Self Harm | Yes | Detects Self Harm - Suicidal content |
Sensitive content | Yes | Detects content that includes National ID,
Bank information, AWS Secret key or access key, company confidential,
CCN. |
SOX | Yes | Identifies financial content such as invoice, personal
finance, financial accounting. |
U.K. PIOCP | No | Detects content that includes Tax ID or
National ID. |
