Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Create Custom Advanced Patterns using Add Regex

  1. Last updated
  2. Save as PDF

You can use this option to add regex manually and then validate it using the validation algorithm. Additionally, you can use the BIN or Luhn validator to manage your credit or debit cards' Bank Identification Numbers (BIN). To minimize the number of false positives, you can add Ignored Expressions to exclude specific keywords or regular expressions from being processed as matches in DLP classifications.

To manually add regex to your Custom Advanced Patterns:

  1. Go to Policy > DLP Policies > Classifications.
  2. Click Actions > Create Classification
  3. Classification Name. Enter a name for this classification. For example, New Advanced Pattern. Enter an optional description to describe its use or purpose.
  4. Category. Select a Category from the list.  For example, Sensitive.
  5. Conditions. Click Select Criteria and choose Advanced Pattern. The Select Advanced Patterns cloud card displays.
    • Count each match string only one time. Activate or deactivate the checkbox to count the match string only one time or multiple times. Activating the checkbox eliminates the duplicate match counts during the DLP Policy evaluation. To learn more about the use case, see Count each match string only one time feature
  6. Click New.
    clipboard_e766b18da60d09c2eef53d1cfcf49eea7.png
  7. Enter a name and optional description for your Custom Advanced Pattern.
  8. To manually enter a regular expression, click Add RegEx.
    clipboard_e014fb1a087a1e7878beddc203eb7abd6.png
  9. Enter a regular expression, your newly added regular expression can be seen on the Regular Expressions tab.
  10. To ensure your regular expressions are accurate, click No Validation to open the Validation Algorithm cloud card. 
    clipboard_ec602ffb6645bf4813740c08c2288f4b1.png
  11. Select the appropriate Validation Algorithm from the list and click Done. To add Luhn 10 Validation Algorithm and BINs for your custom regular expressions, click Add BIN Validator. For more details, see Add BIN Validator.
    clipboard_e703c47e4d047d699dafdd430ec0220e9.png
  12. Add a Score to weigh the new regex Advanced Pattern. Scores can be between negative or positive, -99 to 999. The higher the number, the greater the weight given to the keyword, which will exceed the threshold and trigger an incident. 
  13. To reduce false positives, add expressions in the Exceptions tab to exclude specific keywords or regular expressions from being processed as matches in DLP classifications. 
  14. Go to the Exceptions tab and click Add Exception.
    clipboard_e37f12821c17279f4cf2294f5a2c6ecec.png
  15. Enter the keywords or Google RE2 expressions (RegEx) and select the Type of the exception from the menu. To add more expressions, click Add Exception.
    clipboard_e6eca1204728d448002050af585ff8efc.png
  16. To save your new Advanced Pattern with regular expressions and exceptions, click Save.
  17. The new Advanced Pattern is now added to the Classification and Advanced Pattern list.
    clipboard_ee9e0b30b0fa03756e8de8d3c22d3baf2.png
  18. Optionally, you can edit the threshold by clicking [1]. Enter a number to indicate the weight of the Advanced Pattern in threshold matching.
    clipboard_efa736f0c32cd004e6cff9b10c0765f15.png
  19. Add more classification conditions as needed and click Save.

Your custom classification with custom advanced patterns, validations, and exceptions are saved to the selected category in the Classifications list. Add the classification to your DLP policies as needed.​​​​​​

Custom Advanced Pattern Use Cases

Count each match string only one time feature 

Suppose you have a bank document with multiple instances of the pattern for France IBAN and you have set the score for this regular expression as 10 in the custom advanced pattern. This means that a match will only be triggered if the pattern France IBAN appears 10 or more times in the document. However, if you want to avoid triggering matches for duplicate counts, you can activate the Count each match string only one time checkbox. During the policy evaluation, the match will count only once, even though the score for the regular expression is set to 10. To find this option on UI, see Count each match string only one time.

clipboard_ed214db6821e1e240781ad7bb116acbdb.png

Set Scores for Regular Expressions on the Custom Advanced Pattern List

Let's say you have a confidential bank document containing sensitive information or patterns that should only be accessed by authorized personnel. To ensure the security of the document, you can set the scores for regular expressions that alert the DLP scanning engine with more precise information whenever someone tries to access sensitive patterns beyond a specific limit. If a match is found, an incident is triggered to maintain the document's security.

To set scores for each regular expression in a custom advanced pattern list, follow these steps:

  1. Create a classification using custom advanced patterns. Perform the initial steps of creating your advanced pattern classification as provided in steps 1 to 11 in the Create Custom Advanced Patterns using Add Regex section.
  2. Score. Once you add the necessary regular expressions, you can set different scores for each regular expression in the list by editing the default score [1]. For example, configure the scores for three regular expressions - France IBAN, German IBAN, and UK IBAN. Set the score for France IBAN to 10, German IBAN to 6and UK IBAN to 5. This means that when the patterns for France IBAN are accessed 10 or more times in the content, German IBAN is accessed 6 or more times, and UK IBAN is accessed 5 or more times then it triggers a match.
    clipboard_e9c17f4ae4aebed3a5c9e7978df5378b1.png

Re-use Regular Expressions in Custom Advanced Pattern List

Suppose you have multiple confidential documents containing common patterns, such as credit card numbers, that should only be accessed by authorized personnel. To ensure the security of these documents, you can create a custom advanced pattern list using regular expressions. This list can then be reused across classifications, eliminating the need to create or update custom advanced pattern lists repeatedly. 

To re-use regular expressions in a custom advanced pattern list:

  1. Create a classification using custom advanced patterns. Follow the steps of creating your advanced pattern classification as outlined in steps 1 to 5 in the Create Custom Advanced Patterns using Add Regex section. 
  2. On the Select Advanced Patterns cloud card, click All and select Custom.
    clipboard_e786f5ebadfd37b019694e6aa2720e9c4.png
  3. Select one or more existing Custom Advanced Patterns.
  4. Click i to view the Usage of the selected Advanced Patterns in other classifications.
    clipboard_ef1fe1724e19520d72a2bddb6246abad5.png

Exclude Matches on Keywords in Custom Advanced Pattern List

Suppose you have a financial document that contains a broad range of sensitive keywords, but you want to exclude specific keywords from being processed as matches by the DLP engine. To exclude matches on keywords, you can create a custom advanced pattern list using regular expressions and exceptions. These exceptions prevent specific keywords from triggering matches, thereby reducing false positives and ensuring accuracy in your data protection measures. 

To exclude matches on keywords in a custom advanced pattern list:

  1. Create a classification using custom advanced patterns. Follow the steps of creating your advanced pattern classification as outlined in steps 1 to 14 in the Create Custom Advanced Patterns using Add Regex section.
  2. Exception and Type. Once you add the necessary regular expressions, you can add exceptions to exclude specific keywords or regular expressions from being processed as matches by the DLP engine. For example, add exceptions such as two keywords - Account No and Balance, and add a regular expression for Spain IBAN. This means that a match will not be triggered if the keywords Account No and Balance, and patterns for Spain IBAN are accessed within the document.
    clipboard_e1b552ed8fe3c78d0761de034dbae4c49.png

Exclude Matches on Regular Expressions in Custom Advanced Pattern List

Suppose you have a financial document that contains a broad range of sensitive patterns, but you want to exclude specific patterns from being processed as matches by the DLP engine. To exclude matches on regular expressions, you can create a custom advanced pattern list using regular expressions and exceptions. These exceptions prevent specific patterns from triggering matches, thereby reducing false positives and ensuring accuracy in your data protection measures. 

To exclude matches on regular expressions in a custom advanced pattern list:

  1. Create a classification using custom advanced patterns. Follow the steps of creating your advanced pattern classification as outlined in steps 1 to 14 in the Create Custom Advanced Patterns using Add Regex section.
  2. Exception and Type. Once you add the necessary regular expressions, you can add exceptions to exclude specific keywords or regular expressions from being processed as matches by the DLP engine. For example, add exceptions such as two regular expressions - Netherlands IBAN and Italian IBAN No, and add a keyword Account No. This means that a match will not be triggered if the patterns for Netherlands IBAN and Italian IBAN, and keyword Account No are accessed within the document.
    clipboard_e9bce692f908ed24fde909e93d92ddfe5.png
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    How-to
  2. Tags
    This page has no tags.