Manage Sensitive Data Discovery Rules

In previous documentation, a rule is referred to as a classifier or identifier, and a framework is referred to as a template.

Prerequisite

Sensitive data discovery must be enabled.

Command overview: immuta sdd classifier

This command allows you to manage rules that will apply tags to data that matches patterns you specify during SDD. The table below illustrates subcommands and arguments.

Subcommands  Aliases   Description
create       save      Create a rule.
delete       None      Delete the passed rule.
get          None      Get a rule.
search       ls, list  Search all rules.
update       None      Update a rule.

Options

Use these options to get more details about the sdd classifier command or any of its subcommands:

  • -h

  • --help

$ immuta sdd classifier -h
Manage Sensitive Data Discovery Classifiers

Usage:
  immuta sdd classifier [command]

Available Commands:
  create      Create an SDD classifier
  delete      Delete the passed SDD classifier
  get         Get an SDD classifier
  search      Search all classifiers
  update      Update an SDD classifier

Flags:
  -h, --help   Help for classifier

Global Flags:
      --config string    Config file (default $HOME/.immutacfg.yaml)
  -p, --profile string   Specifies the profile for what instance/api the cli will use (default "default")

Use "immuta sdd classifier [command] --help" for more information about a command.

Create a rule

  1. Save your rule to a valid YAML or JSON file using these attributes.

    Attribute               Type           Required  Description
    name                    string         Yes       Unique, request-friendly rule name.
    displayName             string         Yes       Unique, human-readable rule name.
    description             string         Yes       The rule description.
    type                    string         Yes       The type of pattern: regex, dictionary, columnNameRegex, or builtIn.
    config                  object         Yes       The configuration of the rule, which may include config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags.
    config.tags             array[string]  Yes       The name of the tags to apply to the data source.
    config.regex            string         No        A case-insensitive regular expression to match against column values.
    config.columnNameRegex  string         No        A case-insensitive regular expression to match against column names.
    config.values           array[string]  No        The list of words to include in the dictionary.
    config.caseSensitive    boolean        No        Indicates whether or not values are case sensitive. Defaults to false.

    Examples are provided below.

  2. Run immuta sdd classifier create <filepath> [flags], referencing the file you just created. The options you can specify include

    • -h or --help: Get more information about the command.

    • -o or --output json | yaml: Specify the output format.

    • --outputTemplate string: Format the response using a Go template.

{
  "name": "MY_REGEX_RULE",
  "displayName": "My Regex Rule",
  "description": "A rule using regex pattern",
  "type": "regex",
  "config": {
    "regex": "^[A-Z][a-z]+",
    "tags": ["Discovered.regex-example"]
  }
}

Example

$ immuta sdd classifier create ./account-classifier.json
Creating classifier from ./account-classifier...
Create successful.
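
A pre-flight check for a rule file before it is passed to immuta sdd classifier create, as an added example (not Immuta's code): it checks the attributes from the table above and tries config.regex against sample column values. Assumptions: Python's re module stands in for the SDD regex engine, each pattern type is assumed to need its matching config key, and the sample values and BROKEN_RULE are constructed.

```python
import json
import re
REQUIRED = ("name", "displayName", "description", "type", "config")
# Assumption: each pattern type needs its own config key (the page lists these keys as optional).
TYPE_KEY = {"regex": "regex", "columnNameRegex": "columnNameRegex",
            "dictionary": "values", "builtIn": None}

def lint_rule(rule):
    """Return a list of problems in a rule document (empty list means it passes)."""
    problems = [f"missing required attribute: {k}" for k in REQUIRED if k not in rule]
    config = rule.get("config", {})
    if not isinstance(config, dict):
        return problems + ["config must be an object"]
    tags = config.get("tags")
    if not (isinstance(tags, list) and all(isinstance(t, str) for t in tags)):
        problems.append("config.tags must be an array of strings")
    rtype = rule.get("type")
    known = isinstance(rtype, str) and rtype in TYPE_KEY
    if "type" in rule and not known:
        problems.append(f"unknown type: {rtype!r}")
    key = TYPE_KEY[rtype] if known else None
    if key and key not in config:
        problems.append(f"type {rtype} expects config.{key}")
    for k in ("regex", "columnNameRegex"):
        if k in config:
            try:
                re.compile(config[k])
            except (re.error, TypeError) as exc:
                problems.append(f"config.{k} does not compile: {exc}")
    return problems

def matches(rule, value):
    """Apply config.regex case-insensitively, as the attribute table describes."""
    return re.search(rule["config"]["regex"], value, re.IGNORECASE) is not None

def check_samples(rule, should_match, should_not_match):
    """Return (missed, overmatched) for sample column values."""
    missed = [v for v in should_match if not matches(rule, v)]
    return missed, [v for v in should_not_match if matches(rule, v)]

# The regex rule file shown on this page.
PAGE_RULE = json.loads("""{"name": "MY_REGEX_RULE", "displayName": "My Regex Rule",
  "description": "A rule using regex pattern", "type": "regex",
  "config": {"regex": "^[A-Z][a-z]+", "tags": ["Discovered.regex-example"]}}""")
# Constructed rule with three defects: no description, tags not an array, no values.
BROKEN_RULE = {"name": "COLORS", "displayName": "Colors", "type": "dictionary",
               "config": {"tags": "Discovered.color"}}
if __name__ == "__main__":
    print(lint_rule(BROKEN_RULE), check_samples(PAGE_RULE, ["Hello"], ["hello", "Hello123", "42"]))
```

Under these assumptions the page's ^[A-Z][a-z]+ also accepts hello, because matching is case-insensitive, and Hello123, because the pattern has no trailing $; anchor and test a pattern against values it should reject before creating the rule.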

Get a rule

Run immuta sdd classifier get <classifierName> [flags], specifying the name of the rule you would like to get. Options you can specify include

  • -h or --help: Get more information about the command.

  • -o or --output json | yaml: Specify the output format.

  • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user getting a rule called ACCOUNT_NUMBER_RULE.

$ immuta sdd classifier get ACCOUNT_NUMBER_RULE
Getting classifier ACCOUNT_NUMBER_RULE...
{
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "name": "ACCOUNT_NUMBER_RULE",
  "displayName": "Account Number Rule",
  "description": "This rule recognizes account numbers using a regex pattern",
  "type": "regex",
  "config": {
    "tags": [
      "Discovered.account-number"
    ],
    "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
  },
  "id": 69,
  "createdAt": "2022-03-28T14:52:14.004Z",
  "updatedAt": "2022-03-28T14:52:14.004Z"
}

Search rules

Run immuta sdd classifier search [string] [flags] to list all rules or search rules by name. Options you can specify include

  • -h, --help: Help for search.

  • --limit int: The search limit for pagination (default 25).

  • --offset int: The search offset for pagination.

  • --order asc | desc: The sort order.

  • -o, --output json | yaml: The output format.

  • --outputTemplate string: Format the response using a Go template.

  • -s, --sort id | name | displayName | type | createdAt | updatedAt: Field to sort by.

  • --type regex | columnNameRegex | dictionary | builtIn: Limit results to the specified pattern type.

Example

The example below illustrates a user searching all rules containing account.

$ immuta sdd classifier search account
Searching all classifiers...
ACCOUNT_NUMBER_RULE This rule recognizes account numbers using a regex pattern.

Update a rule

  1. Update your rule in a valid YAML or JSON file using these attributes:

    Attribute               Type           Required  Description
    name                    string         Yes       Unique, request-friendly rule name.
    displayName             string         Yes       Unique, human-readable rule name.
    description             string         Yes       The rule description.
    type                    string         Yes       The type of pattern: regex, dictionary, columnNameRegex, or builtIn.
    config                  object         Yes       The configuration of the rule, which may include config.values, config.caseSensitive, config.regex, config.columnNameRegex, and config.tags.
    config.tags             array[string]  Yes       The name of the tags to apply to the data source.
    config.regex            string         No        A case-insensitive regular expression to match against column values.
    config.columnNameRegex  string         No        A case-insensitive regular expression to match against column names.
    config.values           array[string]  No        The list of words to include in the dictionary.
    config.caseSensitive    boolean        No        Indicates whether or not values are case sensitive. Defaults to false.

  2. Run immuta sdd classifier update <classifierName> <filepath> [flags], referencing the file you just updated. The options you can specify include

    • -h or --help: Get more information about the command.

    • -o or --output json | yaml: Specify the output format.

    • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user updating a rule named ACCOUNT_NUMBER_RULE.

$ immuta sdd classifier update ACCOUNT_NUMBER_RULE ./account-classifier -o json
{
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "name": "ACCOUNT_NUMBER_RULE",
  "displayName": "Account Number Rule",
  "description": "This rule recognizes account numbers using a regex pattern.",
  "type": "regex",
  "config": {
    "tags": [
      "Discovered.account-number"
    ],
    "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
  },
  "id": 69,
  "createdAt": "2022-03-28T14:52:14.004Z",
  "updatedAt": "2022-03-28T15:25:28.575Z"
}

Delete a rule

Run immuta sdd classifier delete <classifierName> [flags] to delete the rule. The options you can specify include

  • -h or --help: Get more information about the command.

  • -o or --output json | yaml: Specify the output format.

  • --outputTemplate string: Format the response using a Go template.

Example

$ immuta sdd classifier delete ACCOUNT_NUMBER_RULE -o json
{
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "name": "ACCOUNT_NUMBER_RULE",
  "displayName": "Account Number Rule",
  "description": "This rule recognizes account numbers using a regex pattern.",
  "type": "regex",
  "config": {
    "tags": [
      "Discovered.account-number"
    ],
    "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$"
  },
  "id": 69,
  "createdAt": "2022-03-28T14:52:14.004Z",
  "updatedAt": "2022-03-28T15:25:28.575Z"
}

Copyright © 2014-2024 Immuta Inc. All rights reserved.