Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
piidiscovery [2018_04_06 18:37] – v2.0 updates part 1 stevenpiidiscovery [2018_04_06 20:49] – refactor of configuring rules section steven
Line 210: Line 210:
 ### 6. Configuring PII Detection Rules ### 6. Configuring PII Detection Rules
  
-A set of rules for detecting different kinds of PII is provided with the Enterprise File Fabric. These rules can be used as provided, or the administrator can remove or change rules to meet the organization’s specific requirements.+A set of rules for detecting different kinds of PII is provided with the Enterprise File Fabric. These rules can be used as provided, or the administrator can add, remove or change them.
  
 +The PII Detection Rules are defined in a JSON document that is accessible from the PII Scanning & Detection tab of the organization’s Policies page. Prior to editing the PII Detection Rules, make a safe copy of the JSON document by copying the contents to a text file. That way you can easily revert the changes if needed.
  
-PII detection rules are defined in a JSON document that is presented on the PII administration tab of the organization’s Policies page:+The PII Detection Rules JSON document is an array of objects with each object describing one rule. A rule has the following properties:
  
-    {   +  * ''id'' - A unique identifier. 
-        "id":"creditcard", +  * ''title'' - The name of the rule shown in the user interface 
-        "tag":"credit card", +  * ''tag'' - Files found with this rule are tagged with this value 
-        "title":"Credit card numbers", +  * ''filters'' - An array of one PII filter objects with matching criteria
-        "filters":  +
-              +
-                "name":"The main credit card filter", +
-                "code":"creditcard" +
-            } +
-        ] +
-    }+
  
 +The document is validated against a JSON schema on update. If there is an error the document will not be saved:
  
-This contents of this document must conform to a JSON schema specification that is included with the File Fabric appliance and can be downloaded from the same page:+{{ :piidiscovery:pii_filter_error.png?nolink |}} 
 + 
 +The JSON schema can be downloaded from the same page:
  
 {{ :piidiscovery:enable_pii_scanning.jpg?nolink |}} {{ :piidiscovery:enable_pii_scanning.jpg?nolink |}}
  
-Prior to editing the JSON document that contains the PII detection rules, make a safe copy of the current version by copying the contents to a text file.  That way you can easily revert the changes if needed.+#### Rule Id
  
-The JSON document consists of an array of structures, each of which describes a rule. Each rule is identified by an id.  The id must be unique within the JSON document.+To add scanning rule create a new unique ''id''An id must only contain the characters A-Z, a-z 0-9 and _ (underscore). It is only used internally and should not be changed.
  
-Each rule contains a list of filters.+#### Rule Title
  
-The JSON schema describes two styles of filters that the JSON document can contain.  Only the code filter is currently supported Here is an example:+The ''title'' will be the name of the data type in the “Contains PII” checklist on the File Manager’s search screen and in the PII list for a file in the File Manager’s Info panel.
  
-      +{{ :piidiscovery:contain_pii.jpg?nolink |}}
-        "id":"us_ssn", +
-        "tag":"US Social Security Number", +
-        "title":"Social Security Numbers (US)", +
-        "filters":  +
-              +
-                "name":"The main SSN filter", +
-                "code":"usSsn" +
-            } +
-        ] +
-    }+
  
 +#### Rule Tag
  
-The tag” value will be the name of the tag in the File Fabric’s tagging system.  Tag values must be unique within the JSON document.+The ''tag'' value is the name of one tag. It does not have to be predefined.  Tag values should be unique within the JSON document. 
  
 {{ :piidiscovery:edit_tags.jpg?nolink |}} {{ :piidiscovery:edit_tags.jpg?nolink |}}
  
-The “title” will be the name of the data type in the “Contains PII” tick list on the File Manager’s search screen and in the PII list for a file in the File Manager’s Info panel.+#### Rule Filters
  
-{{ :piidiscovery:contain_pii.jpg?nolink |}}+Two types of matching filters are supported. Regular expression filters support the detection of PII content through search patterns. Code filters are predefined filters in the product that match common types of PII.  
 + 
 +##### Regular Expression Filters 
 + 
 +Rules created by users (admins) can each contain one user-supplied regular expression filter. 
 + 
 +The regex property is the regular expression that will be used to detect data of the type described by the rule when a file is scanned. The regular expression must be delimited by slashes (‘/’). For more information on syntax see [[http://us1.php.net/manual/en/regexp.reference.meta.php|Regexp Reference]].  
 + 
 +This is an example of a rule using a regular expression filter: 
 + 
 +     
 +      "id":"USVIN", 
 +      "tag":"US VIN", 
 +      "title":"US Vehicle Identification Number", 
 +      "filters":  
 +           
 +            "name":"VIN filter", 
 +            "regex":"/([A-HJ-NPR-Z0-9]{17})/" 
 +         } 
 +      ] 
 +   } 
 + 
 +##### Code Filters 
 + 
 +This is an example of a rule using a code filter: 
 + 
 +     
 +      "id":"us_ssn", 
 +      "tag":"US Social Security Number", 
 +      "title":"Social Security Numbers (US)", 
 +      "filters":  
 +           
 +            "name":"The main SSN filter", 
 +            "code":"usSsn" 
 +         } 
 +      ] 
 +   } 
 + 
 +Adding new code filters to this version of the File Fabric requires paid professional services support from Storage Made Easy. Users wishing to add their own code filters should contact their SME sales representatives. 
 + 
 +The following predefined code filters are included with the File Fabric:
  
-When you try to save your changes to the JSON document on the “PII Detection & Scanning” tab of the “Policies” page, the edited JSON is validated.  If your edits have introduced an error then the document will not be saved.+ * General 
 +    * bankIban - Bank account numbers (IBAN) 
 +    * bankSwift -  SWIFT 
 +    * creditcard - Credit cards 
 +    * email  - Email 
 +    * Icd10cm - ICD 10-CM Code rule 
 +    * Icd9cm - ICD 9-CM Code rule 
 +    * Ip - IPv4 and IPv6 addresses 
 + * Australia 
 +    * auMedicare - Australian Medicare account number 
 +    * auTaxFileNumber - Australian Tax File number 
 +    * Brazil 
 +    * brCpfNumber - Brazilian CPF Number rule 
 + * Canada 
 +    * caBritishColumbiaInsuranceNumber - British Columbian Personal Health Number (PHN) 
 +    * caOntarioInsuranceNumber - Ontario Health Insurance Plan number 
 +    * caPassport - Canadaian Passport 
 +    * caQuebecInsuranceNumber -  Quebec Health Insurance Number 
 +    * caSin -  Canadaian Social Insurance Number (SIN) 
 + * China 
 +    * cnPassport - Chinese passport 
 +    * Germany 
 +    * dePassport - German passport 
 + * Spain 
 +    * esNie - Spanish NIE Number rule 
 +    * esNif - Spanish NIF Number rule 
 +    * esPassport - Spanish passport 
 + * French 
 +    * frIDCard - French National ID Card 
 +    * frPassport - French passport 
 +    * frSsn - French social security number (NIR) 
 + * India 
 +    * inPersonalNumber - Indian Personal Permanent Account Number 
 + * Japan 
 +    * jpPassport - Japanese passport 
 + * South Korea 
 +    * krPassport - South Korean passport 
 + * Mexico 
 +    * mxNationalNumber - Mexican National Identification Number 
 +    * mxPassport- Mexican passport 
 + * Netherlands 
 +    * nlIdNumber - Dutch national identification number (BSN) 
 + * United Kingdom 
 +    * ukDrivingLicense - UK Driving License rule 
 +    * ukNationalInsuranceNumber -  UK National Insurance Number rule 
 +    * ukNhsNumber - UK NHS Number rule 
 +    * ukNumberPlate - UK Number Plate 
 +    * ukPassport - UK passport 
 +    * ukTaxpayerNumber -UK Taxpayer Identification Number 
 +    * ukTelephone - UK telephone number 
 + * United States
  
-{{ :piidiscovery:error_pii_rules.jpg?nolink |}}+#### Removing Rules
  
 You may also want to remove from the JSON document rules that scan for data items that are not of interest to your organization.  In that case, remove the entire section starting with the curly brace before the id, and ending with the comma preceding the next rule (unless you are removing the final rule in the document, in which case there is no comma).  For example, if you don’t want the File Fabric to scan for Australian tax file numbers, you would remove this text (including the trailing comma) from the JSON document: You may also want to remove from the JSON document rules that scan for data items that are not of interest to your organization.  In that case, remove the entire section starting with the curly brace before the id, and ending with the comma preceding the next rule (unless you are removing the final rule in the document, in which case there is no comma).  For example, if you don’t want the File Fabric to scan for Australian tax file numbers, you would remove this text (including the trailing comma) from the JSON document:
© Copyright 2024 Nasuni.