Manage Identification Frameworks

Prerequisite

.

Command overview: immuta sdd template

This command allows you to manage identification frameworks, which are a collection of rules and settings used to drive the configuration of SDD runs. The table below illustrates subcommands and arguments.

Options

Use these options to get more details about the sdd template command or any of its subcommands:

• -h

• --help

$ immuta sdd template -h
Manage Sensitive Data Discovery Templates

Usage:
  immuta sdd template [command]

Available Commands:
  create      Create an SDD template
  delete      Delete the passed SDD template
  get         Get an SDD template
  global      Get the SDD global template
  search      Search all templates
  update      Update an SDD template

Flags:
  -h, --help   Help for template

Global Flags:
      --config string    Config file (default $HOME/.immutacfg.yaml)
  -p, --profile string   Specifies the profile for what instance/api the cli will use (default "default")

Use "immuta sdd template [command] --help" for more information about a command.

Create an identification framework

1. Save your framework to a valid YAML or JSON file using these attributes:

   Attribute

   Description

   Required

   name

   string Unique, request-friendly framework name.

   Yes

   displayName

   string Unique, human-readable framework name.

   Yes

   description

   string The framework description.

   Yes

   classifiers

   array Includes each rules's name and overrides for minConfidence and tags.

   Yes

   An example is provided below.

   Copy

   {
     "name": "ACCOUNT_NUMBERS_FRAMEWORK",
     "displayName": "Account Numbers Framework",
     "description": "This framework contains the rule that recognizes account numbers.",
     "classifiers": [
       {
         "name": "ACCOUNT_NUMBER_RULE"
       }
     ]
   }

2. Run immuta sdd template create <filepath> [flags], referencing the file you just created. The options you can specify include

   • -h or --help: Get more information about the command.

   • -o or --output json | yaml: Specify the output format.

   • --outputTemplate string: Format the response using a Go template.

Example

$ immuta sdd template create ./account-template.json -o json
{
  "name": "ACCOUNT_NUMBERS_FRAMEWORK",
  "displayName": "Account Numbers Framework",
  "description": "This framework contains the rule that recognizes account numbers.",
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "id": 2,
  "createdAt": "2022-03-28T15:48:02.977Z",
  "updatedAt": "2022-03-28T15:48:02.977Z",
  "classifiers": [
    {
      "name": "ACCOUNT_NUMBER_RULE",
      "overrides": {}
    }
  ]
}

Get an identification framework

Run immuta sdd template get <frameworkName> [flags], specifying the name of the framework you would like to get. Options you can specify include

• -h or --help: Get more information about the command.

• -o or --output json | yaml: Specify the output format.

• --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user getting a framework named ACCOUNT_NUMBERS_FRAMEWORK.

$ immuta sdd template get ACCOUNT_NUMBERS_FRAMEWORK
Getting template ACCOUNT_NUMBERS_FRAMEWORK...
{
  "name": "ACCOUNT_NUMBERS_FRAMEWORK",
  "displayName": "Account Numbers Framework",
  "description": "This framework contains the rule that recognizes account numbers.",
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "id": 2,
  "createdAt": "2022-03-28T15:48:02.977Z",
  "updatedAt": "2022-03-28T15:48:02.977Z",
  "classifiers": [
    {
      "name": "ACCOUNT_NUMBER_RULE",
      "overrides": {}
    }
  ]
}

Get the global framework

Run immuta sdd template global [flags], to get the global framework that has been configured for sensitive data discovery. Options you can specify include

• -h or --help: Get more information about the command.

• -o or --output json | yaml: Specify the output format.

• --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user getting the global framework that had been configured in the Immuta UI by an administrator.

$ immuta sdd template global
Getting global template...
{
  "name": "ACCOUNT_NUMBERS_FRAMEWORK",
  "displayName": "Account Numbers Framework",
  "description": "This framework contains the rule that recognizes account numbers.",
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "id": 3,
  "createdAt": "2022-03-28T17:10:48.507Z",
  "updatedAt": "2022-03-28T17:10:48.507Z",
  "classifiers": [
    {
      "name": "ACCOUNT_NUMBER_RULE",
      "overrides": {}
    }
  ]
}

Search identification frameworks

Run immuta sdd template search [string] [flags] to list all identification frameworks or search identification frameworks by name. Options you can specify include

• --classifiers strings: Limit results to only frameworks that contain the specified rules.

• -h, --help: Help for search.

• --limit int The search limit for pagination (default 25).

• --offset int: The search offset for pagination.

• --order asc | desc: The sort order.

• -o, --output json | yaml: The output format.

• --outputTemplate string: Format the response using a Go template.

• -s, --sort id | name | displayName | type | createdAt | updatedAt: Field to sort by.

Example

The example below illustrates a user searching all frameworks containing the ACCOUNT_NUMBER_RULE.

$ immuta sdd template search --classifiers="ACCOUNT_NUMBER_RULE"
Searching all templates...
ACCOUNT_NUMBERS_FRAMEWORK This framework contains the rule that recognizes account numbers.
Displaying 1 of 1 templates

Update an identification framework

1. Update your framework in a valid YAML or JSON file using these attributes:

   Attribute

   Description

   Required

   name

   string Unique, request-friendly framework name.

   Yes

   displayName

   string Unique, human-readable framework name.

   Yes

   description

   string The framework description.

   Yes

   classifiers

   array Includes each rules's name and overrides for minConfidence and tags.

   Yes

2. Run immuta sdd template update <frameworkName> <filepath> [flags], referencing the file you just updated. The options you can specify include

   • -h or --help: Get more information about the command.

   • -o or --output json | yaml: Specify the output format.

   • --outputTemplate string: Format the response using a Go template.

Example

The example below illustrates a user updating a framework named ACCOUNT_NUMBERS_FRAMEWORK.

$ immuta sdd template update ACCOUNT_NUMBERS_FRAMEWORK ./account-template -o json
{
  "name": "ACCOUNT_NUMBERS_FRAMEWORK",
  "displayName": "Account Numbers Framework",
  "description": "This framework contains the rule that recognizes account numbers.",
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "id": 2,
  "createdAt": "2022-03-28T15:48:02.977Z",
  "updatedAt": "2022-03-28T16:15:01.791Z",
  "classifiers": [
    {
      "name": "ACCOUNT_NUMBER_RULE",
      "overrides": {}
    }
  ]
}

Delete an identification framework

Run immuta sdd template delete <frameworkName> [flags] to delete the framework. The options you can specify include

• -h or --help: Get more information about the command.

• -o or --output json | yaml: Specify the output format.

• --outputTemplate string: Format the response using a Go template.

Example

$ immuta sdd template delete ACCOUNT_NUMBERS_FRAMEWORK -o json
{
  "name": "ACCOUNT_NUMBERS_FRAMEWORK",
  "displayName": "Account Numbers Framework",
  "description": "This framework contains the rule that recognizes account numbers.",
  "createdBy": {
    "id": 1,
    "name": "Example User",
    "email": "user@example.com"
  },
  "id": 2,
  "createdAt": "2022-03-28T15:48:02.977Z",
  "updatedAt": "2022-03-28T16:15:01.791Z",
  "classifiers": [
    {
      "name": "ACCOUNT_NUMBER_FRAMEWORK",
      "overrides": {}
    }
  ]
}