[DOCS-6680] Add keyword dictionary and priority level #20991

Merged
merged 13 commits into from
Dec 23, 2023
31 changes: 17 additions & 14 deletions content/en/sensitive_data_scanner.md
Expand Up @@ -42,18 +42,8 @@ Sensitive Data Scanner can be found under [Organization Settings][1].
- For Terraform, see the [datadog_sensitive_data_scanner_group][3] resource.
- **Define Scanning Rules:** A scanning rule determines what sensitive information to match within the data. Within a scanning group, add predefined scanning rules from Datadog's Scanning Rule Library or create your own rules from scratch to scan using custom regex patterns.
- For Terraform, see the [datadog_sensitive_data_scanner_rule][4] resource.

Sensitive Data Scanner supports Perl Compatible RegEx (PCRE), but the following patterns are not supported:
- Backreferences and capturing sub-expressions (lookarounds)
- Arbitrary zero-width assertions
- Subroutine references and recursive patterns
- Conditional patterns
- Backtracking control verbs
- The \C "single-byte" directive (which breaks UTF-8 sequences)
- The \R newline match
- The \K start of match reset directive
- Callouts and embedded code
- Atomic grouping and possessive quantifiers
- **Create keyword dictionary**: Add keywords to provide additional context when matching regex conditions. For example, if you are scanning for a nine-digit credit card number, you can add keywords like `account number`, `bank card`, and `cc #` to refine the match.
- **Set priority level**: Set the priority level for the issue created when a match is made against this rule.

**Note:**
- Any rules that you add or update only affect data coming into Datadog after the rule was defined.
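Review bot: the new "Create keyword dictionary" and "Set priority level" bullets describe what the settings are for but not how they behave, which is what a reader configuring a rule needs. The keyword bullet should say where a keyword has to appear relative to the regex match (same attribute, within some number of characters, anywhere in the event) and whether a keyword is required for a match or only raises confidence; "provide additional context" and "refine the match" leave both open. The priority bullet should list the available levels and what the level changes (only the label on the created issue, or also routing or notification). One more point on the example text: a "nine-digit credit card number" is an unusual example, since card primary account numbers are 13 to 19 digits and nine digits is typical of US Social Security or bank account numbers, so either adjust the digit count or pick an identifier that is nine digits.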
Expand All @@ -62,10 +52,23 @@ Sensitive Data Scanner supports Perl Compatible RegEx (PCRE), but the following

### Custom Scanning Rules

- **Define pattern:** Specify the regex pattern to be used for matching against events. Test with sample data to verify that your regex pattern is valid.
- **Define match conditions:** Specify the regex pattern to be used for matching against events. Test with sample data to verify that your regex pattern is valid.
- Sensitive Data Scanner supports Perl Compatible RegEx (PCRE), but the following patterns are not supported:
- Backreferences and capturing sub-expressions (lookarounds)
- Arbitrary zero-width assertions
- Subroutine references and recursive patterns
- Conditional patterns
- Backtracking control verbs
- The \C "single-byte" directive (which breaks UTF-8 sequences)
- The \R newline match
- The \K start of match reset directive
- Callouts and embedded code
- Atomic grouping and possessive quantifiers
- **Define scope:** Specify whether you want to scan the entire event or just specific attributes. You can also choose to exclude specific attributes from the scan.
- **Add tags:** Specify the tags you want to associate with events where the values match the specified regex pattern. Datadog recommends using `sensitive_data` and `sensitive_data_category` tags. These tags can then be used in searches, dashboards, and monitors.
- **Create keyword dictionary**: Add keywords to provide additional context when matching regex conditions. For example, if you are scanning for a nine-digit credit card number, you can add keywords like `account number`, `bank card`, and `cc #` to refine the match.
- **Process matching values:** Optionally, specify whether you want to redact, partially redact, or hash matching values. When redacting, specify placeholder text to replace the matching values with. When partially redacting, specify the position (start/end) and length (# of characters) to redact within matching values. Redaction, partial redaction, and hashing are all irreversible actions.
- **Add tags:** Specify the tags you want to associate with events where the values match the specified regex pattern. Datadog recommends using `sensitive_data` and `sensitive_data_category` tags. These tags can then be used in searches, dashboards, and monitors.
- **Set priority level**: Set the priority level for the issue created when a match is made against this rule.
- **Name the rule:** Provide a human-readable name for the rule.

{{< img src="sensitive_data_scanner/sds_rules_28_03_23.png" alt="A Sensitive Data Scanner custom rule" style="width:90%;">}}
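Review bot: the "Process matching values" line calls hashing irreversible, but for the short numeric values this page uses as examples (a nine-digit number has only 10^9 candidates) an unkeyed hash can be reversed by hashing every candidate and comparing digests, so the docs should state whether the hash is keyed or salted and, if it is not, note that hashing only protects high-entropy values and that redaction is the safer choice for short identifiers. Two smaller points in the same hunk: the "Define match conditions" bullet repeats the "Define pattern" description word for word ("Specify the regex pattern to be used for matching against events. Test with sample data to verify that your regex pattern is valid.") although match conditions now also cover the keyword dictionary, so its first sentence should mention both the pattern and the optional keywords; and "Add tags" appears at two positions in the list, so confirm the rendered page shows it only once at its new position after "Process matching values".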