Detection models define rules on how to detect sensitive data in your assets. Data
Security Center (DSC) provides built-in detection models and allows you to customize
models. You can use these models to create your own methods of sensitive data detection.
This topic describes how to view built-in detection models and create, edit, or delete
custom detection models.
View built-in detection models
The built-in sensitive data detection models provided by DSC apply to regular sensitive data, such as mobile numbers and ID card numbers. You
can view the model names, sensitivity levels, and rule information of the built-in
detection models provided by DSC. To view the built-in models provided by DSC, perform the following steps:
- Log on to the DSC console.
- In the left-side navigation pane, choose .
- On the Identification Rules page, click the Detection Models tab.
- Select Built-in from the Rule source drop-down list.
- View the list of built-in detection models.
You can view information on built-in detection models, such as the model names.
- To view the details of a specific built-in detection model, find the model and click
Details in the Operation column.
Note You cannot edit or delete built-in detection models.
- In the ViewCustom Detection Model dialog box, view the details of the built-in detection model.
You can view the model name, sensitivity level, and rule information of the model.
Create a custom detection model
DSC detects sensitive data in objects or tables and generates alerts based on sensitive
data detection rules defined in detection models. If the built-in detection models
cannot meet your business requirements, perform the following steps to create a custom
detection model:
- Log on to the DSC console.
- In the left-side navigation pane, choose .
- On the Identification Rules page, click the Detection Models tab.
- On the Detection Models tab, click Create Custom Detection Model.
- In the AddCustom Detection Model dialog box, set the following parameters.
Parameter |
Description |
Model Name |
The name of the custom detection model. |
Sensitivity level |
The sensitivity level of the sensitive data that is detected based on the rules defined
by the custom detection model. Valid values:
- S1: level 1 sensitive data
- S2: level 2 sensitive data
- S3: level 3 sensitive data
- S4: level 4 sensitive data
- S5: level 5 sensitive data
Note A larger suffix indicates a higher sensitivity level. S5 indicates the highest sensitivity
level.
|
Rules |
The rules on how to detect sensitive data. Valid values:
- Regular matching: uses a regular expression to detect sensitive data. Examples:
- Exampleoo+a: Data such as Exampleooa, Exampleoooa, and Exampleooooooa is detected as sensitive.
The plus sign (+) indicates one or more repetitions of the preceding character.
- Exampleoo*a: Data such as Exampleoa, Exampleooa, and Exampleooooooa is detected as sensitive.
The asterisk (*) indicates zero or more repetitions of the preceding character.
- Exampleo?a: Data such as Examplea and Exampleoa is detected as sensitive. The question mark
(?) indicates zero or one repetition of the preceding character.
- Does not contain: detects data that does not contain the specified keyword.
- Contains: detects data that contains the specified keyword.
You can create multiple detection rules in a detection model. To create multiple detection
rules, click Create More.
Notice
- If a custom model defines multiple rules, data is detected as sensitive only if the
data meets all the rules of the model.
- The Does not contain rules can be used to reduce false positives. We recommend that you use this type
of rules together with other rules.
- The built-in models provided by DSC apply to mobile numbers and ID card numbers. We recommend that you check whether
the rules that you want to define have been covered by the built-in models provided
by DSC before you create a custom model. For more information, see View built-in detection models.
|
Model Description |
The description of the custom detection model. |
- Click OK.
After you create the detection model, you can view the information of the model in
the model list.
View, edit, and delete a custom detection model
DSC allows you to view, edit, and delete custom detection models. This section describes
how to view, edit, and delete a custom detection model.
- Log on to the DSC console.
- In the left-side navigation pane, choose .
- On the Identification Rules page, click the Detection Models tab.
- Select Customize from the Rule source dialog box.
- Find the custom detection model that you want to manage and perform the following
operations:
- View the details of the custom detection model
Click
Details in the Operation column. In the
ViewCustom Detection Model dialog box, view the details of the custom detection model.
- Edit a custom detection model
Click
Edit in the Operation column. In the
ModifyCustom Detection Model dialog box, modify the parameters and click
OK. For more information about the parameters, see
Parameter description.
Notice If the custom detection model is used by a sensitive data detection template that
is enabled, the modification takes effect the next time when DSC scans data. The sensitive
data that was detected based on the original model is not affected.
- Delete a custom detection model
Click
Delete in the Operation column. In the message that appears, click
OK.
Notice
- Delete a custom detection model with caution. After you delete a custom detection
model, DSC cannot use this model to detect sensitive data.
- After you delete a custom detection model, the sensitive data that was detected based
on the model is not affected.