Individual Sensitive Data Type Options

At a minimum, each custom data type must specify an event threshold and at least one port or application protocol to monitor.

Each system-provided data type uses an otherwise inaccessible sd_pattern keyword to define a built-in data pattern to detect in traffic. You can also create custom data types for which you use simple regular expressions to specify your own data patterns.

Sensitive data types display in all intrusion policies where Sensitive Data Detection is enabled. System-provided data types display as read-only. For custom data types, the name and pattern fields display as read-only, but you can set the other options to policy-specific values.

Individual Data Type Options

Option

Description

Data Type

Specifies the unique name for the data type.

Threshold

Specifies the number of occurrences of the data type that must be detected before the system generates an event. You can specify 1 through 255.

Note that the preprocessor generates one event for a detected data type per session. Note also that global threshold events are independent of individual data type events; that is, the preprocessor generates an event when the data type event threshold is reached, regardless of whether the global event threshold has been reached, and vice versa.

Destination Ports

Specifies destination ports to monitor for the data type. You can specify a single port, a comma-separated list of ports, or any, meaning any destination port.

Application Protocols

Specifies up to eight application protocols to monitor for the data type. You must activate application detectors to identify application protocols to monitor.

Note that, for Classic devices, this feature requires a Control license.

Pattern

Specifies the pattern to detect. This field is only present for custom data types.
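The per-type options above (pattern, threshold of 1 through 255, at least one destination port or any, one event per data type per session, global threshold independent of the per-type thresholds) can be modelled in a few lines. The following is an added illustration, not the product's own code: it uses Python regular expressions in place of the preprocessor's own pattern syntax, omits application protocols, and assumes (not stated on the page) that the global threshold counts all matches of all types combined. All sample values are constructed.

```python
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass
class DataType:
    """One custom sensitive data type as described on the page."""
    name: str
    pattern: str        # Python regex here; the real preprocessor uses its own pattern syntax
    threshold: int      # occurrences per session before an event (1 through 255)
    ports: object       # set of destination ports, or the string "any"

    def __post_init__(self):
        if not 1 <= self.threshold <= 255:
            raise ValueError("threshold must be 1 through 255")
        if self.ports != "any" and not self.ports:
            raise ValueError("at least one destination port is required")
        self.regex = re.compile(self.pattern)


class SensitiveDataDetector:
    def __init__(self, data_types, global_threshold):
        self.data_types = data_types
        self.global_threshold = global_threshold

    def inspect_session(self, dst_port, payload):
        """Return the events one session would generate: at most one per data
        type whose threshold is met, plus a 'global' event if the combined
        match count reaches the global threshold (assumed semantics)."""
        events = []
        total = 0
        for dt in self.data_types:
            if dt.ports != "any" and dst_port not in dt.ports:
                continue                       # port not monitored for this type
            count = len(dt.regex.findall(payload))
            total += count
            if count >= dt.threshold:
                events.append((dt.name, count))  # one event per data type per session
        # Global event is independent of whether any per-type threshold fired.
        if total >= self.global_threshold:
            events.append(("global", total))
        return events


if __name__ == "__main__":
    # Constructed sample: SSN-formatted numbers on HTTP ports, threshold 2.
    ssn_like = DataType("ssn_like", r"\b\d{3}-\d{2}-\d{4}\b", 2, {80, 443})
    det = SensitiveDataDetector([ssn_like], global_threshold=3)
    print(det.inspect_session(80, "id=123-45-6789 alt=987-65-4321"))
```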