Administrators and analysts can create search patterns to find sensitive data on their networks. These rules use keywords to identify patterns, and keywords are matched as exact strings. Once a pattern is applied to a matched policy that contains services (Decoders), those services search the network traffic for that pattern. When a match is detected, two important meta keys are generated: found and match. Analysts can use this metadata to investigate further and determine whether the sensitive data is being used maliciously.

What do you want to do?

User Role | I want to ...
Administrators / Analysts | Create Search Pattern
Administrators / Analysts | Analyze Events in the Events View

Quick Look - Create Search Pattern Dialog

This is an example of the Create Search Pattern dialog (screenshot omitted).

The following table describes the fields in the Create Search Pattern dialog.

Feature | Description
Search Pattern Name | Specify a descriptive name to identify the search pattern, or keep the default name, which is populated automatically using the Search Pattern Rule format.
Keywords | Allows you to add one or more keywords. Keywords are matched as exact strings only; regular expressions (regex) are not supported. Use semicolons (;) to separate multiple keywords. For example, CreditCard;VISA;US.
Service Port | Allows you to add one or more ports. Use semicolons (;) to separate multiple port numbers. For example, 20;21;23. The port numbers must be between 1 and 65535.
Select Policy | Displays a drop-down list of available policies for selection.
Create | Creates the search pattern and closes the dialog. A message confirms that the search pattern was created successfully.
Create and Publish | Creates the search pattern and deploys the search pattern rule to an available policy containing Decoder services.
Cancel | Closes the dialog without applying changes.
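The following is an added illustration, not product code, of how the Keywords and Service Port fields above behave: semicolon-separated lists, the 1 to 65535 port check, and exact string matching with no regex interpretation. It assumes the found meta key carries the keywords that hit and the match meta key carries the pattern name, and that matching is a case-sensitive substring test; the sample sessions are constructed.

```python
"""Toy model of a search pattern rule (added example, not NetWitness code).
Assumptions: 'found' = keywords hit, 'match' = pattern name, matching is a
case-sensitive substring test. Shows why very short keywords such as US are noisy."""

PORT_MIN, PORT_MAX = 1, 65535


def parse_list(field: str) -> list[str]:
    """Split a semicolon-separated field, dropping blanks and surrounding spaces."""
    return [item.strip() for item in field.split(";") if item.strip()]


def parse_ports(field: str) -> set[int]:
    """Parse '20;21;23' into ints; reject anything outside 1-65535 (the page's rule)."""
    ports = set()
    for item in parse_list(field):
        if not item.isdigit() or not PORT_MIN <= int(item) <= PORT_MAX:
            raise ValueError(f"invalid service port: {item!r}")
        ports.add(int(item))
    return ports


def build_rule(name: str, keywords: str, ports: str) -> dict:
    return {"name": name, "keywords": parse_list(keywords), "ports": parse_ports(ports)}


def apply_rule(rule: dict, sessions: list[tuple[int, str]]) -> list[dict]:
    """Generate meta per session: found = keywords hit, match = rule name.
    Keywords are literal strings; a regex such as '.*' is never interpreted."""
    results = []
    for port, payload in sessions:
        if rule["ports"] and port not in rule["ports"]:
            continue  # rule only inspects traffic on its service ports
        found = [kw for kw in rule["keywords"] if kw in payload]
        if found:
            results.append({"service": port, "found": found, "match": rule["name"]})
    return results


SESSIONS = [  # constructed sample sessions: (service port, payload text)
    (21, "STOR VISA_statement.csv"),            # hit: VISA
    (23, "credit card (visa) not here"),        # case differs: no hit
    (21, "CreditCard=present;Country=US"),      # hits: CreditCard, US
    (80, "GET /CreditCard"),                    # port 80 not in rule: skipped
    (21, "STATUS OK"),                          # substring hit on US: noisy keyword
]

if __name__ == "__main__":
    rule = build_rule("Search Pattern Rule 1", "CreditCard;VISA;US", "20;21;23")
    for meta in apply_rule(rule, SESSIONS):
        print(meta)
```

The last session shows the false-positive cost of a two-letter keyword: "US" matches inside "STATUS", so prefer longer, more distinctive keywords when tuning a pattern.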