Skip to content

Create a Rule with a Regex Pattern


In previous documentation, rule is referred to as classifier or identifier and framework is referred to as template.

Use case: Custom regex pattern

Scenario: You've listed Immuta's built-in patterns for sensitive data discovery, but you discover there is no rule that can automatically identify and tag columns that contain account numbers in your database.

In this scenario, you can create a rule with a regex pattern specific to your account numbers. Immuta's sensitive data discovery will use your new regex pattern to find matches and tag them. For example, if a table contains account numbers in the form of xxxxxxxxx-xxx-x, you could define a regex pattern in a rule to identify and tag these columns. The tutorial below uses this scenario.

Attributes of a rule with a regex pattern

Attributes of all rules are provided on the Sensitive data discovery API page. However, attributes specific to the regex pattern are outlined in the table below.

Attribute Description Required
name string Unique, request-friendly rule name. Yes
displayName string Unique, human-readable rule name. Yes
description string The rule description. Yes
type string The type of pattern: regex. Yes
config object The configuration of the rule, which includes config.minConfidence, config.tags, and config.regex. Yes
config.minConfidence number When the detection confidence is at least this percentage, tags are applied. Yes
config.tags array[string] The name of the tags to apply to the data source. Note: All tags must start with Discovered.. Yes
config.regex string A case-insensitive regular expression to match against column values. Yes

Create a rule with a regex pattern

  1. Generate your API key on the API Keys tab on your profile page and save the API key somewhere secure. You will include this API key in the authorization header when you make a request to the Immuta API or use it to configure your instance with the Immuta CLI.

  2. Save the rule with a regex pattern payload in a .json file.

      "name": "ACCOUNT_NUMBER_RULE",
      "displayName": "Account Number Rule",
      "description": "This rule recognizes account numbers using a regex",
      "type": "regex",
      "config": {
        "regex": "^[0-9]{9}-[0-9]{3}-[0-9]{1}$",
        "minConfidence": 0.5,
        "tags": ["Discovered.account-number"]
  3. Create the rule using one of these methods:

    Immuta CLI

    immuta api sdd/classifier -X POST --input ./example-payload.json


    curl \
        --request POST \
        --header "Content-Type: application/json" \
        --header "Authorization: 12345678900000" \
        --data @example-payload.json \
  4. If the request is successful, you will receive a response that contains details about the rule.

      "createdBy": {
        "id": 1,
        "name": "John",
        "email": ""
      "name": "ACCOUNT_NUMBER_RULE",
      "displayName": "Account Number Rule",
      "description": "This rule recognizes account numbers using a regex",
      "type": "regex",
      "config": {
        "tags": [
        "regex": "[0-9]{9}-[0-9]{3}-[0-9]{1}",
        "minConfidence": 0.5
      "id": 1,
      "createdAt": "2021-10-14T18:48:56.289Z",
      "updatedAt": "2021-10-14T18:48:56.289Z"

What's next

Continue to one of the following tutorials:

  • Run sensitive data discovery on data sources: Trigger SDD to run on specified data sources.
  • Create a framework: Although only data governors can create rules, data owners can add rules to frameworks, which they then apply to their data sources to override minConfidence or tags for rules within the framework.