Manage Sensitive Data Discovery (SDD)
Sensitive data discovery (SDD) API reference guide
In previous documentation, rule and pattern are referred to as classifier or identifier, and framework is referred to as template.
Workflow
Create a pattern
To run this pattern against your data, ensure it is added to a framework.
POST /sdd/classifier
Create a pattern.
Payload parameters
name
string Unique, request-friendly pattern name.
Yes
displayName
string Unique, human-readable pattern name.
Yes
description
string The pattern description.
Yes
type
string The type of pattern: regex, dictionary, columnNameRegex, or builtIn.
Yes
config
object The configuration of the pattern, which includes config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags.
Yes
config.tags
array[string] The default resulting tags to apply when the pattern is matched; they must begin with Discovered . .
No
config.regex
string A case-insensitive regular expression to match against column values. The pattern must have regex, columnNameRegex, or values to match to data.
No
config.columnNameRegex
string A case-insensitive regular expression to match against column names. The pattern must have regex, columnNameRegex, or values to match to data.
No
config.values
array[string] The list of words included in the dictionary to match against column values. The pattern must have regex, columnNameRegex, or values to match to data.
No
config.caseSensitive
boolean Indicates whether or not values are case sensitive. Defaults to false.
No
Response parameters
createdBy
array Includes details about the user who created the pattern, such as their profile id, name, and email.
name
string Unique, request-friendly pattern name.
displayName
string Unique, human-readable pattern name.
description
string The pattern description.
type
string The type of pattern: regex, dictionary, columnNameRegex, or builtIn.
config
object The configuration of the pattern, which includes config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags.
config.tags
array[string] The default resulting tags to apply to the data source when the pattern is matched.
config.columnNameRegex
string A case-insensitive regular expression to match against column names.
config.regex
string A case-insensitive regular expression to match against column values.
config.values
array[string] The list of words included in the dictionary to match against column values.
config.caseSensitive
boolean Indicates whether or not values are case sensitive.
createdAt
date When the pattern was created.
updatedAt
date When the pattern was last updated.
Request example
The following request creates a pattern, saved in example-payload.json.
Payload examples
Response example
Create an identification framework
POST /sdd/template
Create an identification framework.
Payload parameters
name
string Unique, request-friendly framework name.
Yes
displayName
string Unique, human-readable framework name.
Yes
description
string The framework description.
Yes
classifiers
array The patterns to include in the framework and any additional overrides for those patterns.
Yes
classifiers.name
string The name of the pattern to include in the framework.
Yes
classifiers.overrides
array The overrides to modify the pattern for this framework.
No
classifiers.overrides.tags
array The resulting tags to apply when the pattern is matched. These tags will override the pattern's default tags and must begin with Discovered . .
No
Response parameters
id
integer The unique ID of the framework.
createdBy
array Includes details about the user who created the framework, such as their profile id, name, and email.
name
string Unique, request-friendly framework name.
displayName
string Unique, human-readable framework name.
description
string The framework description.
classifiers
array The rules in the framework and any overrides for those rules.
createdAt
date When the framework was created.
updatedAt
date When the framework was last updated.
Request example
The following request creates an identification framework that contains 2 rules, saved in example-payload.json.
Payload example
Response example
Search for patterns or identification frameworks
List or search for patterns
GET /sdd/classifier
List or search patterns.
Query parameters
sortField
string The field by which to sort the search results: id, name, displayName, type, createdAt, or updatedAt.
No
sortOrder
string Denotes whether to sort the results in ascending (asc) or descending (desc) order. Default is asc.
No
offSet
integer Use in combination with limit to fetch pages.
No
limit
integer Limits the number of results displayed per page.
No
type
array[string] Searches based on pattern type: regex, dictionary, builtIn, or columnNameRegex.
No
searchText
string A partial, case-insensitive search on name.
No
Response parameters
count
integer The number of pattern found matching the search criteria.
createdBy
array Includes details about the user who created the pattern, such as their profile id, name, and email.
name
string Unique, request-friendly pattern name.
displayName
string Unique, human-readable pattern name.
description
string The pattern description.
type
string The type of pattern: regex, dictionary, columnNameRegex, or builtIn.
config
object The configuration of the pattern, which includes config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags.
config.tags
array[string] The default resulting tags to apply when the pattern is matched.
config.columnNameRegex
string A case-insensitive regular expression to optionally match against column names.
config.regex
string A case-insensitive regular expression to match against column values.
config.values
array[string] The list of words included in the dictionary to match against column values.
config.caseSensitive
boolean Indicates whether or not values are case sensitive.
createdAt
date When the pattern was created.
updatedAt
date When the pattern was last updated.
Request example
The following request lists 5 patterns.
Response example
List or search for identification frameworks
GET /sdd/template
List or search identification frameworks.
Query parameters
sortField
string The field by which to sort the search results: id, name, displayName, type, createdAt, or updatedAt.
No
sortOrder
string Denotes whether to sort the results in ascending (asc) or descending (desc) order. Default is asc.
No
offSet
integer Use in combination with limit to fetch pages.
No
limit
integer Limits the number of results displayed per page.
No
classifiers
array[string] Filters framework results to those containing the specified patterns.
No
searchText
string A partial, case-insensitive search on the framework name.
No
Response parameters
count
integer The number of identification frameworks found matching the search criteria.
id
integer The unique ID of the framework.
createdBy
array Includes details about the user who created the framework, such as their profile id, name, and email.
name
string Unique, request-friendly framework name.
displayName
string Unique, human-readable framework name.
description
string The framework description.
classifiers
array The rules in the framework and any overrides for those rules.
createdAt
date When the framework was created.
updatedAt
date When the framework was last updated.
Request example
The following request lists all identification frameworks.
Response example
View a pattern by name
GET /sdd/classifier/{classifierName}
Get a pattern by name.
Query parameters
classifierName
string The name of the pattern.
Yes
Response parameters
id
integer The unique ID of the pattern.
createdBy
array Includes details about the user who created the pattern, such as their profile id, name, and email.
name
string Unique, request-friendly pattern name.
displayName
string Unique, human-readable pattern name.
description
string The pattern description.
type
string The type of pattern: regex, dictionary, columnNameRegex, or builtIn.
config
object The configuration of the pattern, which includes config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags.
config.tags
array[string] The name of the resulting tags to apply to the data source.
config.columnNameRegex
string A case-insensitive regular expression to optionally match against column names.
config.regex
string A case-insensitive regular expression to match against column values.
config.values
array[string] The list of words included in the dictionary to match against column values.
config.caseSensitive
boolean Indicates whether or not values are case sensitive.
createdAt
date When the pattern was created.
updatedAt
date When the pattern was last updated.
Request example
This request gets the pattern named MY_REGEX_PATTERN.
Response example
View an identification framework by name
GET /sdd/template/{templateName}
Get an identification framework by name.
Query parameters
templateName
string The name of the identification framework.
Yes
Response parameters
id
integer The unique ID of the framework.
createdBy
array Includes details about the user who created the framework, such as their profile id, name, and email.
name
string Unique, request-friendly framework name.
displayName
string Unique, human-readable framework name.
description
string The framework description.
classifiers
array The rules in the framework and any overrides for those rules.
createdAt
date When the framework was created.
updatedAt
date When the framework was last updated.
Request example
This request gets the identification framework named MY_FIRST_FRAMEWORK.
Response example
View the current global framework
GET /sdd/template/global
View the current global framework.
Response parameters
id
integer The unique ID of the framework.
name
string Unique, request-friendly framework name.
displayName
string Unique, human-readable framework name.
description
string The framework description.
classifiers
array The rules in the framework and any overrides for those rules.
createdBy
array Includes details about the user who created the framework, such as their profile id, name, and email.
createdAt
date When the framework was created.
updatedAt
date When the framework was last updated.
Request example
This request gets the current global framework information.
Response example
Apply identification frameworks to data sources
PUT /sdd/template/apply
Apply an identification framework to a set of data sources.
Payload parameters
template
string The name of the identification framework to apply to the data sources. null to clear current framework, and the data source will use the global framework.
Yes
sources
string The name of the data sources to apply the framework to.
Yes
Response parameters
success
boolean When true, the request was successful.
Request example
This request applies the MY_FIRST_FRAMEWORK framework to the Public Case data source.
Payload example
Response example
Run SDD on data sources
POST /sdd/run
Run SDD on specified data sources.
Payload parameters
sources
string The name of the data sources to apply the identification framework to.
Yes
all
boolean If true, SDD will run on all Immuta data sources.
No
wait
integer The number of seconds to wait for the SDD jobs to finish. The value -1 will wait until the jobs complete. Default is -1.
No
dryRun
boolean When true, SDD will not update the tags on the data source(s). Instead of applying tags, SDD returns the tags that would be applied to the data source. This allows users to evaluate whether or not rules or frameworks are applying tags correctly without updating the data source. Default is false.
No
template
string If passed, Immuta will run SDD with this framework instead of the applied framework on the data source(s). Passing template when dryRun is false will cause an error.
No
Response parameters
id
string The unique identifier of the job.
state
string The job state. Statuses include created, retry, active, completed, expired, cancelled, or failed.
output
array[string] Information about the tags applied on the data source, including diff (added and removed tags) and the current state of allTags on all columns in the data sources.
Request example: Run SDD on a single data source
This request runs SDD on the data source Public Case.
Payload example
Response example
Request example: Run SDD on all data sources
This request runs SDD on all your data sources.
Payload example
Response example
Request example: Test run SDD on all data sources
This request runs SDD on the Medical Claims data source with the PII_REVISION framework, but will not tag any columns if matches are found.
Payload example
Response example
Update patterns or identification frameworks
Update a pattern
PUT /sdd/classifier/{classifierName}
Update a pattern. Partial updates are not supported.
Query parameters
classifierName
string The name of the pattern to update.
Yes
Payload parameters
name
string Unique, request-friendly pattern name.
Yes
displayName
string Unique, human-readable pattern name.
Yes
description
string The pattern description.
Yes
type
string The type of pattern: regex, dictionary, columnNameRegex, or builtIn.
Yes
config
object The configuration of the pattern, which includes config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags.
Yes
config.tags
array[string] The default resulting tags to apply when the pattern is matched; they must begin with Discovered . .
No
config.regex
string A case-insensitive regular expression to match against column values. The pattern must have regex, columnNameRegex, or values to match to data.
No
config.columnNameRegex
string A case-insensitive regular expression to match against column names. The pattern must have regex, columnNameRegex, or values to match to data.
No
config.values
array[string] The list of words included in the dictionary to match against column values. The pattern must have regex, columnNameRegex, or values to match to data.
No
config.caseSensitive
boolean Indicates whether or not values are case sensitive. Defaults to false.
No
Response parameters
createdBy
array Includes details about the user who created the pattern, such as their profile id, name, and email.
name
string Unique, request-friendly pattern name.
displayName
string Unique, human-readable pattern name.
description
string The pattern description.
type
string The type of pattern: regex, dictionary, columnNameRegex, or builtIn.
config
object The configuration of the pattern, which includes config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags.
config.tags
array[string] The default resulting tags to apply to the data source when the pattern is matched.
config.columnNameRegex
string A case-insensitive regular expression to match against column names.
config.regex
string A case-insensitive regular expression to match against column values.
config.values
array[string] The list of words included in the dictionary to match against column values.
config.caseSensitive
boolean Indicates whether or not values are case sensitive.
createdAt
date When the pattern was created.
updatedAt
date When the pattern was last updated.
Request example
The following request updates the name and description of the MY_REGEX_PATTERN pattern.
Payload example
Response example
Clone an identification framework
POST /sdd/template/{templateName}/clone
Clone an identification framework.
Query parameters
templateName
string The name of the identification framework to clone.
Yes
Payload parameters
name
string Unique, request-friendly framework name for the cloned framework.
Yes
displayName
string Unique, human-readable framework name for the cloned framework.
Yes
description
string The cloned framework description.
No
Response parameters
id
integer The unique ID of the framework.
createdBy
array Includes details about the user who created the framework, such as their profile id, name, and email.
name
string Unique, request-friendly framework name.
displayName
string Unique, human-readable framework name.
description
string The framework description.
classifiers
array The rules in the framework and any overrides for those rules.
createdAt
date When the framework was created.
updatedAt
date When the framework was last updated.
Request example
This request clones the MY_FIRST_FRAMEWORK identification framework.
Payload example
Response example
Update an identification framework
PUT /sdd/template/{templateName}
Update an identification framework.
Query parameters
templateName
string The name of the identification framework to update.
Yes
Payload parameters
name
string Unique, request-friendly framework name.
Yes
displayName
string Unique, human-readable framework name.
Yes
description
string The framework description.
Yes
classifiers
array The patterns to include in the framework and any additional overrides for those patterns.
Yes
classifiers.name
string The name of the pattern to include in the framework.
Yes
classifiers.overrides
array The overrides to modify the pattern for this framework.
No
classifiers.overrides.tags
array The resulting tags to apply when the pattern is matched. These tags will override the pattern's default tags and must begin with Discovered . .
No
Response parameters
id
integer The unique ID of the framework.
createdBy
array Includes details about the user who created the framework, such as their profile id, name, and email.
name
string Unique, request-friendly framework name.
displayName
string Unique, human-readable framework name.
description
string The framework description.
classifiers
array The rules in the framework and any overrides for those rules.
createdAt
date When the framework was created.
updatedAt
date When the framework was last updated.
Request example
The following request updates the name of, description of, and rules in the MY_FIRST_FRAMEWORK identification framework.
Payload example
Response example
Delete patterns or identification frameworks
Delete a pattern
DELETE /sdd/classifier/{classifierName}
Delete a pattern.
Query parameters
classifierName
string The name of the pattern to delete.
Yes
Response parameters
createdBy
array Includes details about the user who created the pattern, such as their profile id, name, and email.
name
string Unique, request-friendly pattern name.
displayName
string Unique, human-readable pattern name.
description
string The pattern description.
type
string The type of pattern: regex, dictionary, columnNameRegex, or builtIn.
config
object The configuration of the pattern, which includes config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags.
config.tags
array[string] The default resulting tags to apply to the data source when the pattern is matched.
config.columnNameRegex
string A case-insensitive regular expression to match against column names.
config.regex
string A case-insensitive regular expression to match against column values.
config.values
array[string] The list of words included in the dictionary to match against column values.
config.caseSensitive
boolean Indicates whether or not values are case sensitive.
createdAt
date When the pattern was created.
updatedAt
date When the pattern was last updated.
Request example
The following request deletes the REGULAR_EXPRESSION pattern.
Response example
Delete an identification framework
DELETE /sdd/template/{templateName}
Delete an identification framework.
Query parameters
templateName
string The name of the identification framework to delete.
Yes
Response parameters
id
integer The unique ID of the framework.
createdBy
array Includes details about the user who created the framework, such as their profile id, name, and email.
name
string Unique, request-friendly framework name.
displayName
string Unique, human-readable framework name.
description
string The framework description.
classifiers
array The rules in the framework and any overrides for those rules.
createdAt
date When the framework was created.
updatedAt
date When the framework was last updated.
Request example
The following request deletes the HEALTH_DATA identification framework.
Response example
Last updated