Rules
You can create and manage custom and system-provided rules in Privacera Discovery. By executing the conditions in each rule, Discovery applies classifications to your data. The output tag associated with the processed rule is applied to the resource as the final tag.
The generation of tags depends on the order of the rules. See Processing Order of Scan Techniques and Reorder Structured Rules.
You can also create rule mappings.
Types of rules
There are three types of rules in Privacera Discovery:
Structured
Unstructured
Post-processing
Example rules and classifications
Based on the tags that structured or unstructured rules find in a file, or in the various columns of a table, you can assign a tag to the file or the table as a whole. Each such rule is an AND condition over output tags. For example, you can set multiple rules as follows:
If a file has PERSON_NAME AND EMAIL AND SSN, tag as PII.
If a file has USER_ID AND GEO, tag as SENSITIVE.
If a file has USER_ID AND IP, tag as SENSITIVE.
Create a structured rule
To create a structured rule, follow these steps:
From the navigation menu, select Discovery > Rules.
On the Rules page, click Structured > Create Rule.
The Create Rule dialog is displayed.
In the Create Rule dialog, enter the following details:
Name: The name of the rule.
Description: A description of the rule (optional).
Must Have: From the dropdown menu, select dictionaries, patterns, or models to be included in the rule.
Must Not Have: From the dropdown menu, select dictionaries, patterns, or models to be excluded from the rule.
Score Type: From the dropdown menu, select one of the following options:
Auto: If the rule is applied, the resource is classified as System.
Review: If the rule is applied, the resource is classified as Pending Review.
Output Tags: The tags associated with the rule.
Key For Samples: The keys from the objects in the Must Have dropdown menu.
Enable rule: The rule is enabled or disabled.
Review the information in the Rule preview section.
Click Save.
The structured rule is created.
Reorder structured rules
Rule order decides the priority of the rules applied during classification.
To reorder rules, follow these steps:
On the Rules page, click Reorder.
Drag the rules up or down to change the order.
Click Save Order.
The new order is saved.
Create an unstructured rule
To create an unstructured rule, follow these steps:
From the navigation menu, select Discovery > Rules.
On the Rules page, click Unstructured > Create Rule.
The Create Rule dialog is displayed.
Enter the following details:
Rule Name: Name of the rule.
Description: Description of the rule (optional).
Must Have: From the dropdown menu, select dictionaries, patterns, or models to be included in the rule.
Must Not Have: From the dropdown menu, select dictionaries, patterns, or models to be excluded from the rule (optional).
Word Proximity: Name of a pattern to identify sensitive information within the specified number of words.
Key order strict: Using the toggle, indicate whether key order is strictly followed.
Enable rule: Using the toggle, enable or disable the rule.
Review the information in the Rule preview section.
Click Save.
The unstructured rule is created.
Create a rule mapping
To create a rule mapping, follow these steps:
From the navigation menu, select Discovery > Rules.
On the Rules page, click Rule Mapping > Add Mapping.
The Add Key Tag Mapping dialog is displayed.
From the Key dropdown menu, select a dictionary, pattern, or model.
From the Tag dropdown, select a tag.
Note
You can add multiple keys and tags by clicking +.
Click Save.
The rule mapping is created.
Export rules and mappings
To export a rule file in JSON format for a structured rule, follow these steps:
From the navigation menu, select Discovery > Rules.
Click Export.
Select the files you wish to export.
Click Export.
The rule file is exported.
Import rules and mappings
To import a JSON rule file for a structured rule, follow these steps:
From the navigation menu, select Discovery > Rules.
On the Rules page, click Import.
The Import dialog is displayed.
Click Choose File and select the JSON file.
Note
Selecting Clean Previous deletes all existing rules.
Click Save.
The rule file is imported.
Post-processing in real-time and offline scans
With post-processing, the data is scanned and then the rules are applied on the tagged data in multiple passes. Post-processing can be used with both real-time and offline scans. Based on the output tags of the rules applied after the initial scan, with post-processing you can add additional tags on the parent or child data resources.
Post-processing rules should be applied after datazone and tag propagation is done.
For example, after the initial scan of a structured or unstructured file or columns within a table, Privacera Discovery will identify the data and classify them with tags based on the rules. After the initial scan has tagged various columns within a table or a file, you can use post-processing rules to assign additional tags to the file or the parent table.
Enable post-processing
To enable post-processing, follow these steps:
Navigate to Settings > System Configuration.
Search for the property privacera.portal.rules.post_process.enable=false.
Note
The default setting is false.
Set the property to true.
Example of post-processing rules on tags
From the navigation menu, select Discovery > Rules.
On the Rules page, select Post-Processing.
Create a new rule with the following condition: If PERSON_NAME and SSN are found, apply the SENSITIVE tag.
Rescan the file to apply the post-processing rules.
The fields are now classified as SENSITIVE and the tag is applied in the unformatted view.
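The AND-style tag combinations listed under Example rules and classifications, and the parent-level tagging that post-processing performs, can be modelled in a few lines. The following Python is an added illustration, not Privacera code or the product's rule engine; the Rule class, the rule names, the column names, the TEST-free sample data and the in-order evaluation where every matching rule contributes its tag are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str                                # hypothetical rule name
    must_have: frozenset                     # tags that must ALL be present (AND)
    output_tag: str                          # tag applied to the parent resource
    must_not_have: frozenset = frozenset()   # any of these tags blocks the rule

# The three combinations listed under "Example rules and classifications".
RULES = [
    Rule("pii_combo", frozenset({"PERSON_NAME", "EMAIL", "SSN"}), "PII"),
    Rule("user_geo", frozenset({"USER_ID", "GEO"}), "SENSITIVE"),
    Rule("user_ip", frozenset({"USER_ID", "IP"}), "SENSITIVE"),
]
# The post-processing condition from the example above.
POST_RULES = [Rule("name_ssn", frozenset({"PERSON_NAME", "SSN"}), "SENSITIVE")]

def classify_parent(column_tags, rules):
    """Return (parent_tags, matched_rule_names) for one table or file.

    column_tags maps each column or field to the set of tags the initial
    scan assigned to it. Assumption: rules run in list order and every
    matching rule contributes its output tag.
    """
    found = set().union(*column_tags.values())
    parent_tags, matched = [], []
    for rule in rules:
        if rule.must_have <= found and not (rule.must_not_have & found):
            matched.append(rule.name)
            if rule.output_tag not in parent_tags:
                parent_tags.append(rule.output_tag)
    return parent_tags, matched

# Constructed scan results (illustrative, not real data).
CUSTOMERS = {"full_name": {"PERSON_NAME"}, "mail": {"EMAIL"}, "ssn": {"SSN"}}
CLICKSTREAM = {"uid": {"USER_ID"}, "src_ip": {"IP"}, "lat_lon": {"GEO"}}
PARTIAL = {"full_name": {"PERSON_NAME"}, "mail": {"EMAIL"}}  # no SSN column

if __name__ == "__main__":
    for name, cols in (("customers", CUSTOMERS), ("clickstream", CLICKSTREAM),
                       ("partial", PARTIAL)):
        print(name, classify_parent(cols, RULES), classify_parent(cols, POST_RULES))
```

The PARTIAL case shows the practical consequence of AND semantics: if the initial scan misses one required tag, the combined tag is never applied, so coverage of the underlying dictionaries and patterns matters as much as the combination rule.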
List of structured rules
The following is a list of the Privacera-supplied structured rules. For more information about any of them, look at the pattern itself in the Platform UI.
Australia Bank Account Number
Australia Bank BSB code
Australia Driver License
IBAN Rule
rule_auto_1P
rule_auto_2P
rule_auto_3P
rule_auto_4P
rule_auto_5M
rule_auto_6M
rule_auto_7M
rule_auto_8M
rule_auto_9M
rule_biometric
rule_biometric_keyword
rule_cc
rule_city_name
rule_criminal_keyword
rule_dob
rule_email
rule_ethnicity_keyword
rule_gps
rule_gps_6_digit
rule_medical_keyword
rule_national_id
rule_password
rule_person_name
rule_phonenumber
rule_pii_id_keyword
rule_political_keyword
rule_religion_keyword
rule_sexual_orientation_keyword
rule_ssn_4_digit
rule_ssn_9_digit
rule_ssn_strict
rule_ssn_strict_fallback
rule_state_name
rule_street_address
rule_tax_id_9_digit
rule_tax_id_strict
rule_trade_union_keyword
Rule US ABA Routing Number
Rule US ABA Routing Number 2
rule_us_dlicense_keyword
rule_us_zip
rule_viewership_keyword
rule_web_keyword
SWIFT BIC Bank ID rule
SWIFT BIC Bank ID Rule 2
UK Driver License Rule
UK Electoral Roll number
UK NHS Rule
UK NHS Rule 2
UK NINO Rule
UK NINO RULE 2
UK Phone Number Rule
UK Postal Code
UK Postal Town
UK US Passport