Configuring Custom Sensitive Data Types

You cannot delete a data type if the sensitive data rule for that data type is enabled in any intrusion policy.

Procedure


Step 1

Choose Policies > Access Control > Intrusion.

Step 2

Click Snort 2 Version next to the policy you want to edit.

If View (View button) appears instead, the configuration belongs to an ancestor domain, or you do not have permission to modify the configuration.

Step 3

Click Advanced Settings in the navigation panel.

Step 4

If Sensitive Data Detection under Specific Threat Detection is disabled, click Enabled.

Step 5

Click Edit (edit icon) next to Sensitive Data Detection.

Step 6

Click Add (add icon) next to Data Types.

Step 7

Enter a name for the data type.

Step 8

Enter the pattern you want to detect with this data type; see Data Patterns in Custom Sensitive Data Types.

Step 9

Click OK.

Step 10

Optionally, click the data type name, and modify the options described in Individual Sensitive Data Type Options.

Step 11

Optionally, delete a custom data type by clicking Delete (delete icon), then clicking OK to confirm.

Note

If the sensitive data rule for that data type is enabled in any intrusion policy, the system warns that you cannot delete the data type. You must disable the sensitive data rule in affected policies before attempting the deletion again; see Setting Intrusion Rule States.

Step 12

To save changes you made in this policy since the last policy commit, click Policy Information in the navigation panel, then click Commit Changes.

If you leave the policy without committing changes, your changes since the last commit are discarded when you edit a different policy.


What to do next

  • Enable the associated custom sensitive data preprocessing rule in each policy where you want to use that data type; see Setting Intrusion Rule States.

  • Deploy configuration changes.