Detectors

How to set up a Detector

What is Detector and how does it work?

Detectors are features that allow users to set up alerts for certain parameters during a classification search. A user can set up a Detector to search for keywords within the entire contents of a document or file, as well as search for keyword hits within the file's pathname. It uses advanced AI and ML search techniques such as Fuzzy Word Search and Percolation to search through documents much more quickly than a traditional pattern-matching search, such as using Regular Expressions.

An example of a Detector that a user could set up is “Employee Salary”. A user might want to ensure that documents that contain this information are not publicly shared or shared internally throughout an organisation.

In order to set this up, click on Administration → Detectors to bring them to the Detectors page.

Here there is a list of pre-defined common Detectors that can be used.

To begin the setup click on the Create button on the top right corner of the screen.

This brings up the Detector Creation Screen.

Provide a Query Name. For this example "Employee Salaries".
Define where the Search Base of the Detector will look (i.e. search through the contents of a file or the file path). For example to search through the full document contents to look for certain salary-related keywords, select Content.
In the Contain field set the relevant salary-related keywords that might trigger a detector hit in a potentially sensitive document. “Salary” “Compensation Package” “Payslip” “Payroll” “Compensation Structure” “OTE”
If there are terms that the Detector is to ignore set them in in the Not Contain field.
Click the Enabled button to turn on and then Save the Detector.

The new Detector named Employee Salaries should now be visible in the list of Detectors

A new scan will be needed to detect for Employee Salaries.

Operations

Each token that is added to a detector is related to the other tokens like an OR condition. AND conditions are not available detectors but this functionality can be configured indirectly through the data asset registry or directly through RegEx pattern matching.

Why it is different to Pattern Matching

Detectors work differently to Pattern Matching in a number of ways. Firstly, they can scan the entire contents of a document and path name for keywords while a traditional regex search is limited to searching through the first X amount of words across all documents. Detectors leverage advanced AI and ML techniques such as Fuzzy Word Search and Percolation Search in order to search for phrases across an entire document in a fraction of the time it would take to search with Pattern Matching.

Usages

Defining Data Asset

An important feature of DSPM is the ability to identify data assets that are important to the organisation and assign those assets in the inventory. Detectors are a powerful method that work in conjunction with the AI Mesh to find critical, sensitive, and regulated data during scans.

GQL queries

Once Detectors are configured and scans are underway, users can access them for describing queries in GQL. Use the detectorHits value as shown below. GQL will give suggestions to help speed up filtering.

Analytics

Detectors are used along with the AI Mesh to analyse data and visually present findings in the Analytics Dashboard. Detectors associated with various data assets and types can be found through the out-of-the-box widgets and play a crucial role in helping to identify specific important data.

Create Employee Lists

In order to identify employee data during scans it can be useful to add all employee names to a detector. This means a detector that helps identify HR data located throughout the data estate.

Overall, detectors give a better understanding of the data and help define very specific attributes as well as broad categories of data assets.

PreviousAnalytics NextSecurity Posture Policies

Last updated 1 month ago

Was this helpful?