Manage Sensitive Data Discovery Rules
Prerequisite
Sensitive data discovery must be enabled.
Command overview: immuta sdd classifier
This command allows you to manage rules that apply tags to data matching the patterns you specify during SDD. The table below illustrates subcommands and arguments.
Options
Use these options to get more details about the sdd classifier command or any of its subcommands:
-h, --help
$ immuta sdd classifier -h
Manage Sensitive Data Discovery Classifiers
Usage:
  immuta sdd classifier [command]

Available Commands:
  create      Create an SDD classifier
  delete      Delete the passed SDD classifier
  get         Get an SDD classifier
  search      Search all classifiers
  update      Update an SDD classifier

Flags:
  -h, --help   Help for classifier

Global Flags:
      --config string    Config file (default $HOME/.immutacfg.yaml)
  -p, --profile string   Specifies the profile for what instance/api the cli will use (default "default")

Use "immuta sdd classifier [command] --help" for more information about a command.

Create a rule
Save your rule to a valid YAML or JSON file using these attributes.
Attribute | Description | Required
--- | --- | ---
name (string) | Unique, request-friendly rule name. | Yes
displayName (string) | Unique, human-readable rule name. | Yes
description (string) | The rule description. | Yes
type (string) | The type of pattern: regex, dictionary, columnNameRegex, or builtIn. | Yes
config (object) | The configuration of the rule, which may include config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags. | Yes
config.tags (array[string]) | The name of the tags to apply to the data source. | Yes
config.regex (string) | A case-insensitive regular expression to match against column values. | No
config.columnNameRegex (string) | A case-insensitive regular expression to match against column names. | No
config.values (array[string]) | The list of words to include in the dictionary. | No
config.caseSensitive (boolean) | Indicates whether or not values are case sensitive. Defaults to false. | No
Examples are provided below.
Run immuta sdd classifier create <filepath> [flags], referencing the file you just created. The options you can specify include
-h or --help: Get more information about the command.
-o or --output json | yaml: Specify the output format.
--outputTemplate string: Format the response using a Go template.
{
  "name": "MY_REGEX_RULE",
  "displayName": "My Regex Rule",
  "description": "A rule using regex pattern",
  "type": "regex",
  "config": {
    "regex": "^[A-Z][a-z]+",
    "tags": ["Discovered.regex-example"]
  }
}

{
  "name": "MY_DICTIONARY_RULE",
  "displayName": "My Dictionary Rule",
  "description": "A rule using dictionary pattern",
  "type": "dictionary",
  "config": {
    "values": ["Bob", "Eve"],
    "caseSensitive": true,
    "tags": ["Discovered.dictionary-example", "Discovered.dictionary-pattern-example"]
  }
}

{
  "name": "MY_COLUMN_NAME_REGEX_RULE",
  "displayName": "My Column Name Regex Rule",
  "description": "A rule using column name regex pattern",
  "type": "columnNameRegex",
  "config": {
    "columnNameRegex": "ssn|social ?security",
    "tags": ["Discovered.column-name-regex-example"]
  }
}

Example
$ immuta sdd classifier create ./account-classifier.json
Creating classifier from ./account-classifier...
Create successful.

Get a rule
Run immuta sdd classifier get <classifierName> [flags], specifying the name of the rule you would like to get. Options you can specify include
-h or --help: Get more information about the command.
-o or --output json | yaml: Specify the output format.
--outputTemplate string: Format the response using a Go template.
Example
The example below illustrates a user getting a rule called ACCOUNT_NUMBER_RULE.
$ immuta sdd classifier get ACCOUNT_NUMBER_RULE
Getting classifier ACCOUNT_NUMBER_RULE...
{
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "[email protected]"
  },
  "name": "ACCOUNT_NUMBER_RULE",
  "displayName": "Account Number Rule",
  "description": "This rule recognizes account numbers using a regex pattern",
  "type": "regex",
  "config": {
    "tags": [
      "Discovered.account-number"
    ],
    "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
  },
  "id": 69,
  "createdAt": "2022-03-28T14:52:14.004Z",
  "updatedAt": "2022-03-28T14:52:14.004Z"
}

Search rules
Run immuta sdd classifier search [string] [flags] to list all rules or search rules by name. Options you can specify include
-h, --help: Help for search.
--limit int: The search limit for pagination (default 25).
--offset int: The search offset for pagination.
--order asc | desc: The sort order.
-o, --output json | yaml: The output format.
--outputTemplate string: Format the response using a Go template.
-s, --sort id | name | displayName | type | createdAt | updatedAt: Field to sort by.
--type regex | columnNameRegex | dictionary | builtIn: Limit results to the specified pattern type.
Example
The example below illustrates a user searching all rules containing account.
$ immuta sdd classifier search account
Searching all classifiers...
ACCOUNT_NUMBER_RULE This rule recognizes account numbers using a regex pattern.

Update a rule
Update your rule in a valid YAML or JSON file using these attributes:
Attribute | Description | Required
--- | --- | ---
name (string) | Unique, request-friendly rule name. | Yes
displayName (string) | Unique, human-readable rule name. | Yes
description (string) | The rule description. | Yes
type (string) | The type of pattern: regex, dictionary, columnNameRegex, or builtIn. | Yes
config (object) | The configuration of the rule, which may include config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags. | Yes
config.tags (array[string]) | The name of the tags to apply to the data source. | Yes
config.regex (string) | A case-insensitive regular expression to match against column values. | No
config.columnNameRegex (string) | A case-insensitive regular expression to match against column names. | No
config.values (array[string]) | The list of words to include in the dictionary. | No
config.caseSensitive (boolean) | Indicates whether or not values are case sensitive. Defaults to false. | No
Run immuta sdd classifier update <classifierName> <filepath> [flags], referencing the file you just updated. The options you can specify include
-h or --help: Get more information about the command.
-o or --output json | yaml: Specify the output format.
--outputTemplate string: Format the response using a Go template.
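A rule file can be linted and dry-run locally before it is passed to create or update. The sketch below is an added example, not part of the Immuta CLI: it checks the attributes from the table above and tests the three example rules from the Create section against constructed sample values. It assumes unanchored, case-insensitive matching and uses Python's re dialect as a stand-in for the engine SDD runs.

```python
import re

REQUIRED = ("name", "displayName", "description", "type", "config")
# Config key that each pattern type relies on, per the attribute table.
TYPE_KEY = {"regex": "regex", "columnNameRegex": "columnNameRegex", "dictionary": "values"}

def lint_rule(rule):
    """Return a list of problems in a rule dict; an empty list means it passed."""
    problems = [f"missing required attribute: {k}" for k in REQUIRED if k not in rule]
    config = rule.get("config") or {}
    if not config.get("tags"):
        problems.append("config.tags is missing or empty")
    rtype = rule.get("type")
    key = TYPE_KEY.get(rtype)
    if rtype == "builtIn":  # the page documents no config keys for builtIn
        return problems
    if key is None:
        problems.append(f"unknown type: {rtype!r}")
    elif key not in config:
        problems.append(f"type {rtype} needs config.{key}")
    elif key != "values":
        try:
            re.compile(config[key])
        except re.error as exc:
            problems.append(f"config.{key} does not compile: {exc}")
    return problems

def matches(rule, sample):
    """Dry run: would this rule fire on a column value (or a column name)?"""
    config = rule["config"]
    if rule["type"] == "dictionary":
        if config.get("caseSensitive", False):
            return sample in config["values"]
        return sample.lower() in {v.lower() for v in config["values"]}
    # Assumption: unanchored search; case-insensitive as the attribute table states.
    return re.search(config[TYPE_KEY[rule["type"]]], sample, re.IGNORECASE) is not None

# The page's three example rules, trimmed to the fields the dry run reads.
REGEX_RULE = {"type": "regex", "config": {"regex": "^[A-Z][a-z]+"}}
DICT_RULE = {"type": "dictionary", "config": {"values": ["Bob", "Eve"], "caseSensitive": True}}
COLUMN_RULE = {"type": "columnNameRegex", "config": {"columnNameRegex": "ssn|social ?security"}}

if __name__ == "__main__":
    for rule, sample in [(REGEX_RULE, "alice"), (DICT_RULE, "bob"),
                         (COLUMN_RULE, "classname"), (COLUMN_RULE, "social_security")]:
        print(rule["type"], repr(sample), matches(rule, sample))
    print(lint_rule({"name": "X", "type": "regex", "config": {"regex": "[0-9"}}))
```

Under these assumptions the regex example also tags lowercase values such as "alice", and the column-name pattern fires on "classname" while missing "social_security", so reviewing a dry run against real column names before creating the rule helps catch both over- and under-tagging.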
Example
The example below illustrates a user updating a rule named ACCOUNT_NUMBER_RULE.
$ immuta sdd classifier update ACCOUNT_NUMBER_RULE ./account-classifier -o json
{
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "[email protected]"
  },
  "name": "ACCOUNT_NUMBER_RULE",
  "displayName": "Account Number Rule",
  "description": "This rule recognizes account numbers using a regex pattern.",
  "type": "regex",
  "config": {
    "tags": [
      "Discovered.account-number"
    ],
    "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
  },
  "id": 69,
  "createdAt": "2022-03-28T14:52:14.004Z",
  "updatedAt": "2022-03-28T15:25:28.575Z"
}

Delete a rule
Run immuta sdd classifier delete <classifierName> [flags] to delete the rule. The options you can specify include
-h or --help: Get more information about the command.
-o or --output json | yaml: Specify the output format.
--outputTemplate string: Format the response using a Go template.
Example
$ immuta sdd classifier delete ACCOUNT_NUMBER_RULE -o json
{
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "[email protected]"
  },
  "name": "ACCOUNT_NUMBER_RULE",
  "displayName": "Account Number Rule",
  "description": "This rule recognizes account numbers using a regex pattern.",
  "type": "regex",
  "config": {
    "tags": [
      "Discovered.account-number"
    ],
    "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
  },
  "id": 69,
  "createdAt": "2022-03-28T14:52:14.004Z",
  "updatedAt": "2022-03-28T15:25:28.575Z"
}