Create a Rule with a Regex Pattern

Note

In previous documentation, rule is referred to as classifier or identifier and framework is referred to as template.

Use case: Custom regex pattern

Scenario: You've listed Immuta's built-in patterns for sensitive data discovery and found that no rule automatically identifies and tags columns that contain account numbers in your database.

In this scenario, you can create a rule with a regex pattern specific to your account numbers. Immuta's sensitive data discovery will use your new regex pattern to find matches and tag them. For example, if a table contains account numbers in the form of xxxxxxxxx-xxx-x, you could define a regex pattern in a rule to identify and tag these columns. The tutorial below uses this scenario.

Attributes of a rule with a regex pattern

Attributes of all rules are provided on the Sensitive data discovery API page. However, attributes specific to the regex pattern are outlined in the table below.

| Attribute | Type | Description | Required |
|---|---|---|---|
| name | string | Unique, request-friendly rule name. | Yes |
| displayName | string | Unique, human-readable rule name. | Yes |
| description | string | The rule description. | Yes |
| type | string | The type of pattern: regex. | Yes |
| config | object | The configuration of the rule, which includes config.minConfidence, config.tags, and config.regex. | Yes |
| config.minConfidence | number | When the detection confidence is at least this percentage, tags are applied. | Yes |
| config.tags | array[string] | The name of the tags to apply to the data source. Note: All tags must start with Discovered.. | Yes |
| config.regex | string | A case-insensitive regular expression to match against column values. | Yes |

Create a rule with a regex pattern

  1. Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.

  2. Save the payload for the rule with a regex pattern in a .json file, such as the example-payload.json used in the commands below.

    {
      "name": "ACCOUNT_NUMBER_RULE",
      "displayName": "Account Number Rule",
      "description": "This rule recognizes account numbers using a regex",
      "type": "regex",
      "config": {
        "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$",
        "minConfidence": 0.5,
        "tags": ["Discovered.account-number"]
      }
    }
    
  3. Create the rule using one of these methods:

    Immuta CLI

    immuta api sdd/classifier -X POST --input ./example-payload.json
    

    HTTP API

    curl \
        --request POST \
        --header "Content-Type: application/json" \
        --header "Authorization: 12345678900000" \
        --data @example-payload.json \
        https://your-immuta-url.immuta.com/sdd/classifier
    
  4. If the request is successful, you will receive a response that contains details about the rule.

    {
      "createdBy": {
        "id": 1,
        "name": "John",
        "email": "john@example.com"
      },
      "name": "ACCOUNT_NUMBER_RULE",
      "displayName": "Account Number Rule",
      "description": "This rule recognizes account numbers using a regex",
      "type": "regex",
      "config": {
        "tags": [
          "Discovered.account-number"
        ],
        "regex": "[0-9]{9}-[0-9]{3}-[0-9]{1}",
        "minConfidence": 0.5
      },
      "id": 1,
      "createdAt": "2021-10-14T18:48:56.289Z",
      "updatedAt": "2021-10-14T18:48:56.289Z"
    }
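
Before submitting the payload from step 2, it can be checked against the attribute table and dry-run on sample values. The following is an added example, not Immuta code or part of the original documentation; it assumes Python's `re` behaves like Immuta's regex engine for this pattern and that confidence is the fraction of column values in which the pattern is found, neither of which this page states. `validate_rule`, `match_ratio` and the sample columns are hypothetical names and constructed data.

```python
import re

REQUIRED = ("name", "displayName", "description", "type", "config")
REQUIRED_CONFIG = ("regex", "minConfidence", "tags")

def validate_rule(rule):
    """Return a list of problems with a regex-rule payload (empty list means OK)."""
    problems = [f"missing attribute: {k}" for k in REQUIRED if k not in rule]
    cfg = rule.get("config", {})
    problems += [f"missing attribute: config.{k}" for k in REQUIRED_CONFIG if k not in cfg]
    if rule.get("type") != "regex":
        problems.append("type must be 'regex'")
    problems += [f"tag must start with 'Discovered.': {t}"
                 for t in cfg.get("tags", []) if not t.startswith("Discovered.")]
    try:
        re.compile(cfg.get("regex", ""), re.IGNORECASE)
    except re.error as exc:
        problems.append(f"regex does not compile: {exc}")
    return problems

def match_ratio(pattern, values):
    """Fraction of values in which the case-insensitive pattern is found.
    Assumption: stands in for detection confidence; the page does not define it."""
    rx = re.compile(pattern, re.IGNORECASE)
    return sum(1 for v in values if rx.search(v)) / len(values) if values else 0.0

# Payload from step 2 of this page.
RULE = {
    "name": "ACCOUNT_NUMBER_RULE",
    "displayName": "Account Number Rule",
    "description": "This rule recognizes account numbers using a regex",
    "type": "regex",
    "config": {"regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$", "minConfidence": 0.5,
               "tags": ["Discovered.account-number"]},
}
UNANCHORED = "[0-9]{9}-[0-9]{3}-[0-9]{1}"  # same pattern without ^ and $

# Constructed sample column values (not real data).
ACCOUNTS = ["123456789-123-1", "987654321-000-9", "555555555-555-5", "n/a"]
NOTES = ["closed 123456789-123-1", "ref 987654321-000-9 ok", "call back", "0000000001-222-33"]

if __name__ == "__main__":
    print(validate_rule(RULE) or "payload OK")
    for label, column in (("accounts", ACCOUNTS), ("notes", NOTES)):
        for pattern in (RULE["config"]["regex"], UNANCHORED):
            ratio = match_ratio(pattern, column)
            verdict = "tag" if ratio >= RULE["config"]["minConfidence"] else "no tag"
            print(f"{label:9} {pattern:32} {ratio:.2f} {verdict}")
```

Under these assumptions, the anchored pattern from step 2 leaves the constructed free-text column untagged, while the same pattern without `^` and `$` clears the 0.5 threshold on it.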
    

What's next

Continue to one of the following tutorials:

  • Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
  • Create a framework: Although only data governors can create rules, data owners can add rules to frameworks, which they then apply to their data sources to override minConfidence or tags for rules within the framework.