# Manage Sensitive Data Discovery Rules {% hint style="info" %} In previous documentation, rule is referred to as classifier or identifier and framework is referred to as template. {% endhint %} ## Prerequisite [Sensitive data discovery must be enabled](/2024.2/discover-your-data/data-discovery/how-to-guides/enable-sdd.md). ## Command overview: `immuta sdd classifier` This command allows you to manage rules that will apply tags to data that matches patterns you specify during SDD. The table below illustrates subcommands and arguments. | Subcommands | Aliases | Description | | -------------------------- | ------------ | ----------------------- | | [`create`](#create-a-rule) | `save` | Create a rule. | | [`delete`](#delete-a-rule) | None | Delete the passed rule. | | [`get`](#get-a-rule) | None | Get a rule. | | [`search`](#search-rules) | `ls`, `list` | Search all rules. | | [`update`](#update-a-rule) | None | Update a rule. | ### Options Use these options to get more details about the `sdd classifier` command or any of its subcommands: * `-h` * `--help` ```bash $ immuta sdd classifier -h Manage Sensitive Data Discovery Classifiers Usage: immuta sdd classifier [command] Available Commands: create Create an SDD classifier delete Delete the passed SDD classifier get Get an SDD classifier search Search all classifiers update Update an SDD classifier Flags: -h, --help Help for classifier Global Flags: --config string Config file (default $HOME/.immutacfg.yaml) -p, --profile string Specifies the profile for what instance/api the cli will use (default "default") Use "immuta sdd classifier [command] --help" for more information about a command. ``` ## Create a rule 1. Save your rule to a valid YAML or JSON file using these attributes. | Attribute | Description | Required | | -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | | **name** | `string` Unique, request-friendly rule name. | **Yes** | | **displayName** | `string` Unique, human-readable rule name. | **Yes** | | **description** | `string` The rule description. | **Yes** | | **type** | `string` The type of pattern: `regex`, `dictionary`, `columnNameRegex`, or `builtIn`. | **Yes** | | **config** | `object` The configuration of the rule, which may include `config.values`, `config.caseSensitive`, `config.regex`, `config.columnNameRegex`, and `config.tags`. | **Yes** | | config.**tags** | `array[string]` The name of the tags to apply to the data source. | **Yes** | | config.**regex** | `string` A case-insensitive regular expression to match against column values. | No | | config.**columnNameRegex** | `string` A case-insensitive regular expression to match against column names. | No | | config.**values** | `array[string]` The list of words to include in the dictionary. | No | | config.**caseSensitive** | `boolean` Indicates whether or not `values` are case sensitive. **Defaults to `false`.** | No | *Examples are provided below.* 2. Run `immuta sdd classifier create [flags]`, referencing the file you just created. The options you can specify include * `-h` or `--help`: Get more information about the command. * `-o` or `--output json | yaml`: Specify the output format. * `--outputTemplate string`: Format the response using a Go template. {% tabs %} {% tab title="Regex pattern" %} ```json { "name": "MY_REGEX_RULE", "displayName": "My Regex Rule", "description": "A rule using regex pattern", "type": "regex", "config": { "regex": "^[A-Z][a-z]+", "tags": ["Discovered.regex-example"] } } ``` {% endtab %} {% tab title="Dictionary pattern" %} ```json { "name": "MY_DICTIONARY_RULE", "displayName": "My Dictionary Rule", "description": "A rule using dictionary pattern", "type": "dictionary", "config": { "values": ["Bob", "Eve"], "caseSensitive": true, "tags": ["Discovered.dictionary-example", "Discovered.dictionary-pattern-example"] } } ``` {% endtab %} {% tab title="Column name regex pattern" %} ```json { "name": "MY_COLUMN_NAME_REGEX_RULE", "displayName": "My Column Name Regex Rule", "description": "A rule using column name regex pattern", "type": "columnNameRegex", "config": { "columnNameRegex": "ssn|social ?security", "tags": ["Discovered.column-name-regex-example"] } } ``` {% endtab %} {% endtabs %} ### Example ```bash $ immuta sdd classifier create ./account-classifier.json Creating classifier from ./account-classifier... Create successful. ``` ## Get a rule Run `immuta sdd classifier get [flags]`, specifying the name of the rule you would like to get. Options you can specify include * `-h` or `--help`: Get more information about the command. * `-o` or `--output json | yaml`: Specify the output format. * `--outputTemplate string`: Format the response using a Go template. ### Example The example below illustrates a user getting a rule called ACCOUNT\_NUMBER\_RULE. ```bash $ immuta sdd classifier get ACCOUNT_NUMBER_RULE Getting classifier ACCOUNT_NUMBER_RULE... { "createdBy": { "id": 1, "name": "Example User", "email": "user@example.com" }, "name": "ACCOUNT_NUMBER_RULE", "displayName": "Account Number Rule", "description": "This rule recognizes account numbers using a regex pattern", "type": "regex", "config": { "tags": [ "Discovered.account-number" ], "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$" }, "id": 69, "createdAt": "2022-03-28T14:52:14.004Z", "updatedAt": "2022-03-28T14:52:14.004Z" } ``` ## Search rules Run `immuta sdd classifier search [string] [flags]` to list all rules or search rules by name. Options you can specify include * `-h`, `--help`: Help for search. * `--limit int` The search limit for pagination (default 25). * `--offset int`: The search offset for pagination. * `--order asc | desc`: The sort order. * `-o`, `--output json | yaml`: The output format. * `--outputTemplate string`: Format the response using a Go template. * `-s`, `--sort id | name | displayName | type | createdAt | updatedAt`: Field to sort by. * `--type regex | columnNameRegex | dictionary | builtIn`: Limit results to the specified pattern type. ### Example The example below illustrates a user searching all rules containing `account`. ```bash $ immuta sdd classifier search account Searching all classifiers... ACCOUNT_NUMBER_RULE This rule recognizes account numbers using a regex pattern. ``` ## Update a rule 1. Update your rule in a valid YAML or JSON file using these attributes: | Attribute | Description | Required | | -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | | **name** | `string` Unique, request-friendly rule name. | **Yes** | | **displayName** | `string` Unique, human-readable rule name. | **Yes** | | **description** | `string` The rule description. | **Yes** | | **type** | `string` The type of pattern: `regex`, `dictionary`, `columnNameRegex`, or `builtIn`. | **Yes** | | **config** | `object` The configuration of the rule, which may include `config.values`, `config.caseSensitive`, `config.regex`, `config.columnNameRegex`, and `config.tags`. | **Yes** | | config.**tags** | `array[string]` The name of the tags to apply to the data source. | **Yes** | | config.**regex** | `string` A case-insensitive regular expression to match against column values. | No | | config.**columnNameRegex** | `string` A case-insensitive regular expression to match against column names. | No | | config.**values** | `array[string]` The list of words to include in the dictionary. | No | | config.**caseSensitive** | `boolean` Indicates whether or not `values` are case sensitive. **Defaults to `false`.** | No | 2. Run `immuta sdd classifier update [flags]`, referencing the file you just updated. The options you can specify include * `-h` or `--help`: Get more information about the command. * `-o` or `--output json | yaml`: Specify the output format. * `--outputTemplate string`: Format the response using a Go template. ### Example The example below illustrates a user updating a rule named ACCOUNT\_NUMBER\_RULE. ```bash $ immuta sdd classifier update ACCOUNT_NUMBER_RULE ./account-classifier -o json { "createdBy": { "id": 1, "name": "Example User", "email": "user@example.com" }, "name": "ACCOUNT_NUMBER_RULE", "displayName": "Account Number Rule", "description": "This rule recognizes account numbers using a regex pattern.", "type": "regex", "config": { "tags": [ "Discovered.account-number" ], "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$" }, "id": 69, "createdAt": "2022-03-28T14:52:14.004Z", "updatedAt": "2022-03-28T15:25:28.575Z" } ``` ## Delete a rule Run `immuta sdd classifier delete [flags]` to delete the rule. The options you can specify include * `-h` or `--help`: Get more information about the command. * `-o` or `--output json | yaml`: Specify the output format. * `--outputTemplate string`: Format the response using a Go template. ### Example ```bash $ immuta sdd classifier delete ACCOUNT_NUMBER_RULE -o json { "createdBy": { "id": 1, "name": "Example User", "email": "user@example.com" }, "name": "ACCOUNT_NUMBER_RULE", "displayName": "Account Number Rule", "description": "This rule recognizes account numbers using a regex pattern.", "type": "regex", "config": { "tags": [ "Discovered.account-number" ], "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$" }, "id": 69, "createdAt": "2022-03-28T14:52:14.004Z", "updatedAt": "2022-03-28T15:25:28.575Z" } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://documentation.immuta.com/2024.2/developer-guides/the-immuta-cli/manage-sensitive-data-discovery/classifiers.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.