Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Click the App Settings icon in the left sidebar.
Click Sensitive Data Discovery in the left panel to navigate to that section.
Select the checkbox to enable SDD, and then click Save and Confirm to apply your changes.
Click the App Settings icon in the left sidebar.
Click Sensitive Data Discovery in the left panel to navigate to that section.
Enter the name of your global template in the Global SDD Template Name field.
Click Save, and then Confirm your changes.
When a sample size is not specified in a template, SDD will use the default sample size of 1000 records. To adjust the sample size,
Click the App Settings icon in the left sidebar.
Click Sensitive Data Discovery in the left panel to navigate to that section.
Enter the number of rows in a data source you would like sampled when running SDD in the Default SDD Sample Size field.
Click Save, and then Confirm your changes.
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Use case: Custom column name regex identifier
Scenario: You've listed Immuta's built-in identifiers for sensitive data discovery, but you discover there is no identifier that can automatically detect and tag columns that contain account numbers in your database.
A custom column name regular expression (regex) identifier allows you to create your own detectors that enable Immuta's sensitive data discovery to find column name matches based on a regex pattern. For example, if your database contains tables with social security numbers, you could define a regex pattern to match against the names of the column instead of the values within the column. The tutorial below uses this scenario to illustrate creating this identifier.
Attributes of all custom identifiers are provided on the Sensitive data discovery API page. However, attributes specific to the custom column name regex identifier are outlined in the table below.
| Attribute | Description | Required |
|---|---|---|
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
Save the custom column name regex identifier payload in a .json file. The regex ^ssn|social ?security$ looks for column names that match ssn, socialsecurity, or social security.
Create the identifier using one of these methods:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that contains details about the identifier.
Continue to one of the following tutorials:
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence or tags for identifiers within the template.
name
string Unique, request-friendly identifier name.
Yes
displayName
string Unique, human-readable identifier name.
Yes
description
string The identifier description.
Yes
type
string The type of identifier: columnNameRegex.
Yes
config
object Includes config.columnNameRegex and config.tags. *See descriptions for these below.
Yes
tags*
array[string] The name of the tags to apply to the data source. Note: All tags must start with Discovered..
Yes
columnNameRegex*
string A case-insensitive regular expression to match against column names.
Yes
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API.
Find identifiers to include in your template using one of these methods:
Immuta CLI
HTTP API
If the request was successful, you will receive a list of available identifiers.
Save the template payload in a .json file. Use the tabs below to see different examples of templates.
Create the template:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that contains details about the template. Use the tabs below to see different responses for different templates.
After the template is applied to data sources and sensitive data discovery is run, the Discovered.account-number tag will be applied to columns that Immuta identifies with 50% confidence, as configured in the identifier.
After the template is applied to data sources and sensitive data discovery is run, the Discovered.desk-location tag will be applied to columns when Immuta detects the values Research Lab, Blue Room or Purple Room with 60% confidence, as configured in the identifier.
After the template is applied to data sources and sensitive data discovery is run, the Discovered.residence-hall tag will be applied to columns when Immuta detects values that match those listed in the Residence Halls data source with 70% confidence, as configured in the identifier.
Attributes of all custom identifiers and templates are provided on the Sensitive data discovery API page. However, attributes specific to this section are outlined in the table below.
Find templates to apply to your data sources:
Immuta CLI
HTTP API
If the request was successful, you will receive a list of available templates.
Select an appropriate template to apply to your data sources, and save the payload in a .json file:
Apply the template to your data source(s):
Immuta CLI
HTTP API
You will receive a response that indicates whether or not the template was successfully applied to your data sources.
Users cannot modify templates created by other data owners, but they can clone templates and make changes to the clone.
Get a list of templates to determine the template you want to clone using one of these methods:
Immuta CLI
HTTP API
Save the template clone name and details in a .json file.
Clone the template:
Immuta CLI
HTTP API
If the request was successful, you will receive a response that provides details about the template clone.
You can now modify the template, such as changing the identifiers (classifiers) included and the sampleSize.
To disable entity tags from being set, you can create a template to that configures the identifier that contains that tag.
For example, the built-in PERSON_NAME identifier contains the following tags: Discovered.PHI, Discovered.PII, Discovered.Entity.Person Name, and Discovered.Identifier Indirect. However, your organization doesn't have any health data, so you don't want the PHI tag to be applied to your data sources but you do want all the other tags within that identifier.
To override the Discovered.PHI tag, you would create a template that includes the PERSON_NAME identifier and removes the Discovered.PHI from the list of tags in the template payload.
View the details about the PERSON_NAME identifier so you know what to include in your template using one of these methods:
Immuta CLI
HTTP API
If the request was successful, the response will include details about the PERSON_NAME identifier.
Remove the Discovered.PHI tag from the list of tags in the identifier config, and save the template payload in a .json file.
Create the template:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that details the new template:
Now that you've created a template, continue to one of the following tutorials:
SDD global settings: Opt to add your template to the SDD global settings so that Immuta will use this template to run SDD for all data sources.
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Use case: Custom regex identifier
Scenario: You've listed Immuta's built-in identifiers for sensitive data discovery, but you discover there is no identifier that can automatically identify and tag columns that contain account numbers in your database.
A regular expression (regex) custom identifier allows you to create your own rules that enable Immuta's sensitive data discovery to find matches based on a regex pattern. For example, if a table contains account numbers in the form of xxxxxxxxx-xxx-x, you could define a regex pattern in a custom identifier to identify and tag these columns. The tutorial below uses this scenario to illustrate creating this identifier.
Attributes of all custom identifiers are provided on the Sensitive data discovery API page. However, attributes specific to the custom regex identifier are outlined in the table below.
| Attribute | Description | Required |
|---|---|---|
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
Save the custom regex identifier payload in a .json file.
Create the identifier using one of these methods:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that contains details about the identifier.
Continue to one of the following tutorials:
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence or tags for identifiers within the template.
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Use case: Custom dictionary identifier
Scenario: You have data that includes the names of the rooms employees' desks are in across your organization. Although these locations may be considered sensitive in particular datasets, they would not be recognized by Immuta's built-in identifiers.
A custom dictionary identifier allows you to create your own rules that enable Immuta's sensitive data discovery to match a list of room names to values in the dataset. The tutorial below uses this scenario to illustrate creating this identifier.
Attributes of all custom identifiers are provided on the Sensitive data discovery API page. However, attributes specific to the custom dictionary identifier are outlined in the table below.
| Attribute | Description |
|---|---|
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
Save the custom dictionary identifier payload in a .json file. The dictionary below contains the words Research Lab, Blue Room, and Purple Room.
Create the identifier using one of these methods:
Immuta CLI
HTTP API
If the request is successful, you will receive a response that contains details about the identifier.
Continue to one of the following tutorials:
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence or tags for identifiers within the template.
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Attributes of all custom identifiers and templates are provided on the Sensitive data discovery API page. However, attributes specific to this section are outlined below.
| Attribute | Description |
|---|---|
Specify the data sources you would like to run SDD on, and save the payload in a .json file.
Or choose to run SDD on all the data sources in Immuta, and save the payload in a .json file.
Trigger SDD using one of these methods:
Immuta CLI
HTTP API
If sensitive data discovery was successfully run, you will receive a response similar to this:
Users can test how SDD will apply tags to their data sources by completing a dryRun, which allows users to test templates and tags:
test templates: If a template is specified in the payload when the dryRun is true, SDD will use this template instead of the template applied to the data source. Note: SDD will error if a template is specified here when dryRun is false.
test tags: Instead of applying tags, SDD just returns the tags that would be applied to the data source. This allows users to evaluate whether or not identifiers or templates are applying tags correctly without updating the data source.
After evaluating whether or not the tags have been applied appropriately, users can then make necessary changes to a template before triggering SDD again.
To complete a dryRun,
Specify the data sources you would like to run sensitive data discovery on and set dryRun to true in the payload in a .json file. Note: You can also apply a template to a data source as a dryRun, like in the example below. However, when dryRun is false, a template cannot be included in the payload. Instead, the template must be added to the data source before running SDD.
Trigger SDD using one of these methods:
Immuta CLI
HTTP API
You will receive a response that illustrates tags that will be added, tags that will be removed, and the final SDD result:
Once you are satisfied with how tags are applied by SDD, set dryRun to false (or omit it from the payload).
Trigger SDD again:
Immuta CLI
HTTP API
If the request was successful, you will receive a response similar to this one:
Select a data source from your My Data Sources page.
Click the Health Check dropdown menu.
In the Sensitive Data Discovery (SDD) section, click Re-run.
Continue to one of the following tutorials:
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence or tags for identifiers within the template.
Create a custom identifier: Data governors can create custom identifiers to define their own regular expressions, dictionaries, and tags that SDD will use to discover and tag data.
In previous documentation, identifier is referred to as classifier. The language is being updated to identifier to be more accurate and not conflate meaning with the Immuta data classification and frameworks feature.
Attributes of identifiers and templates are provided on the Sensitive data discovery API page. However, attributes specific to listing identifiers are outlined in the table below.
| Attribute | Description |
|---|---|
The response lists all built-in identifiers that are currently supported in Immuta SDD and their details, including their name and description. For example,
Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.
List built-in identifiers using one of these methods:
Immuta CLI
HTTP API
If the request was successful, you will receive a list of built-in identifiers.
Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
Create a template: Although only data governors can create identifiers, data owners can add identifiers to templates, which they then apply to their data sources to override minConfidence or tags for identifiers within the template.
Create a custom identifier: Data governors can create custom identifiers to define their own regular expressions, dictionaries, and tags that SDD will use to discover and tag data.
| Attribute | Description |
|---|---|
name
string Unique, request-friendly identifier name.
Yes
displayName
string Unique, human-readable identifier name.
Yes
description
string The identifier description.
Yes
type
string The type of identifier: regex.
Yes
config
object Includes config.minConfidence, config.tags, and config.regex. *See descriptions for these below.
Yes
minConfidence*
number When the detection confidence is at least this percentage, tags are applied.
Yes
tags*
array[string] The name of the tags to apply to the data source. Note: All tags must start with Discovered..
Yes
regex*
string A case-insensitive regular expression to match against column values.
Yes
name
string Unique, request-friendly identifier name.
displayName
string Unique, human-readable identifier name.
description
string The identifier description.
type
string The type of identifier: dictionary.
config
object Includes config.minConfidence, config.tags, config.values, and config.caseSensitive (defaults to false). *See descriptions below.
minConfidence*
number When the detection confidence is at least this percentage, tags are applied.
tags*
array[string] The name of the tags to apply to the data source. Note: All tags must start with Discovered..
values*
array[string] The list of words to include in the dictionary.
caseSensitive*
boolean Indicates whether or not values are case sensitive. Defaults to false.
sources
string The name of the data sources to apply the template to.
all
boolean If true, SDD will run on all Immuta data sources. The default is false.
wait
integer The number of seconds to wait for the SDD jobs to finish. The value -1 will wait until the jobs complete. The default is -1.
dryRun
boolean When true, SDD will not update the tags on the data source(s) and will just return what tags would have been applied or removed. See this section for an example. Default is false.
template
string If passed, Immuta will run SDD with this template instead of the applied template on the data source(s). Passing template when dryRun is false will cause an error.
template
string The name of the template to apply to the data sources; null clears the current template.
sources
string The name of the data sources to apply the template to.
sortField
string The field by which to sort the search results: id, name, displayName, type, createdAt, or updatedAt.
sortOrder
string Denotes whether to sort the results in ascending (asc) or descending (desc) order. Default is asc.
offSet
integer Use in combination with limit to fetch pages.
limit
integer Limits the number of results displayed per page.
type
array[string] Searches for identifiers based on identifier type: builtIn.
searchText
string A partial, case-insensitive search on name.