DATA RECON 2.0.25

Selecting Match Patterns

The DATA RECON dashboard allows you to build a search query to find data security risks.

dr-match-patterns.png

You can scan for 5 categories of predefined data types:

  • Cardholder Data: Cardholder data from ten major card brands; also checks for test numbers, track type 1 and track type 2 magnetic stripe data.
  • National ID Data: More than 50 types of National IDs, including Social Security Numbers (SSNs) and Tax File Numbers (TFNs) from most of Africa, Asia, Europe, Middle East, Oceania, North America and South America.
  • Patient Health Data: Patient Health Information (PHI), including Medicare, National Insurance and National Provider Identifier data types from multiple regions.
  • Financial Data: Sensitive finance-related data, including business/company registration details and bank account numbers.
  • Personal Detail Data: Personal names, addresses, and other Personally Identifiable Information (PII).

You can build your own match pattern data types with the "Custom Data" option, or customise existing match pattern data types to suit your own search needs.

Match Pattern Options

When you click on a match pattern data type category, the match pattern options dialog for that data type category is displayed. Match pattern options let you build search options from a set of five predefined match pattern data types.

Clicking on a match pattern data type category on the DATA RECON GUI dashboard displays a new dialog that asks you to Choose locations for <match pattern type>.

dr-datatypes-cardholder.png

Label 1: Regions/Countries

When you select the match pattern data types that you want to search for, DATA RECON shows the regions or countries that your data types cover.

Searching for match pattern types from 3 or more geographic regions will produce unusually high rates of duplicate results and false positives. Run separate scans when searching for sensitive data from different regions for more accurate results.

Label 2: Robust/Refined Search

  • Robust Search: Strict search on selected match pattern data types, with fewer results and a lower rate of false positives.
  • Refined Search: Broader search on selected match pattern data types, with a greater number of hits and a higher rate of false positives.

It is recommended that you use the Robust Search option, especially for these match pattern data types: US Routing Transit Number, Australian Medicare Provider, UK Community Health Index, License Number, Login Credentials.

Create Custom Data

You can build custom match pattern data types in the DATA RECON GUI to make your scans more specific.

  1. On the DATA RECON GUI dashboard, select the Custom Data match pattern data type category.
  2. Select a data type from one of the predefined match pattern data type categories and click Customize.
  3. In the Add Custom Data dialog, do the following:
    dr-custom-datatypes.png
    Field: Details
    1 Describe your data type: Enter the name for your custom match pattern data type.
    2 Add Rules: See Add Rules.
    3 Advanced Options: Select where applicable:
      • Ignore duplicates: Ignores duplicate matches found by this custom data type.
      • Minimum match count: Only report matches found by this custom data type if the number of matches found meets the minimum match count specified.
    4 View rules as expression: Displays the search expression that the selected search rules produce for the custom data type. You can edit the search expression using this option.
    5 Rule list: Displays the list of search rules that you have added.
    6 Test Rules/Ok: After you add rules to the custom data type, click Test Rules to validate your scan rule. Once DATA RECON validates your custom data type, the Test Rules button changes into an Ok button. To add the scan rule, click Ok.

Add Rules

You can add 3 types of search rules to your custom data type:

  • PREDEFINED: Only searches within a given predefined match pattern data type from one of the categories of data types. When you select "Australian Business Number", it only runs a search within the "Australian Business Number" predefined match pattern data type.
  • PHRASE: Searches for a specific phrase or string of characters. Certain characters such as the single quote ', double quote ", and the backslash \ cannot be used in Phrase, and will not form a legal search expression.
  • CHARACTER: Adds a character to your search string, and behaves like a wild card character (*). Wild card characters are used to search for strings containing characters that meet certain parameters. Adding a "Character" rule "Digit" that repeats 1 - 3 times matches: 123, 587 and 999. However, it does not match: 12b, !@#, foo.

Character allows you to pick these options to add as character search rules to match:

  • Space: Any whitespace character.
  • Alphanumeric: Numerical characters and letters.
  • Alphabet: Any character from the alphabet.
  • Digit: Any numerical character.
  • Printable: Any printable ASCII character, including vertical whitespace.
  • Sameline: Any printable ASCII character, excluding vertical whitespace.
  • Graphic: Any ASCII character that is not whitespace or a control character.
  • Non-alphanumeric: A symbol that is neither a number nor a letter; e.g. apostrophes ', parentheses (), brackets [ ], hyphens -, periods ., and commas ,.
  • Non-alphabet: Any non-alphabet characters; e.g. ~ ` ! @ # $ % ^ & * ( ) _ - + = { } | [ ] : ; " ' < > ? / , .
  • Non-digit: Any non-numerical character.

Rules Resolution

Search rules resolve from top to bottom (as arranged on the GUI), or from left to right (in the search expression).

Example

dr-datatypes-custom-rules.png

DATA RECON resolves the custom data type search rules in the following order:

  1. Predefined: Australian Business Numbers.
  2. Phrase: search-this-business-number.
  3. Character: Digit that repeats 1 - 3 times.
  4. Phrase: and-this-second-part.

The resulting search expression is as follows:

INCLUDE 'DEFINE_BANK'
REFER 'BANK_AUSTRALIA_ABN' THEN WORD 'search-this-business-number' THEN RANGE DIGIT TIMES 1-3 THEN WORD 'and-this-second-part'

DATA RECON will search for the following string in the next scan:

<Australian Business Number>+search-this-business-number+***+and-this-second-part
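
To check what a rule chain like the one above will and will not match before running a scan, the rules can be modelled as an ordinary regular expression. The following is an added example, not DATA RECON's own code or matching engine: the character class mapping is an approximation, the 11-digit pattern is only a stand-in for the predefined Australian Business Number type, and the names compile_rules, CHAR_CLASSES, PREDEFINED and SAMPLE are hypothetical.

```python
import re

# Character rule options listed on the page, mapped to ASCII regex classes.
# This mapping is an approximation made for the example.
CHAR_CLASSES = {
    "Space": r"\s", "Digit": r"[0-9]", "Non-digit": r"[^0-9]",
    "Alphabet": r"[A-Za-z]", "Non-alphabet": r"[^A-Za-z]",
    "Alphanumeric": r"[A-Za-z0-9]", "Non-alphanumeric": r"[^A-Za-z0-9]",
    "Printable": r"[\t-\r\x20-\x7e]",  # includes vertical whitespace
    "Sameline": r"[\t\x20-\x7e]",      # excludes vertical whitespace
    "Graphic": r"[\x21-\x7e]",
}
PHRASE_FORBIDDEN = set("'\"\\")  # characters the page says Phrase rejects

# Stand-in for the predefined type: 11 digits, no checksum (assumption).
PREDEFINED = {"Australian Business Number": r"[0-9]{11}"}


def compile_rules(rules):
    """Join rules in list order (top to bottom) into one compiled regex."""
    parts = []
    for kind, *args in rules:
        if kind == "predefined":
            parts.append(PREDEFINED[args[0]])
        elif kind == "phrase":
            bad = PHRASE_FORBIDDEN & set(args[0])
            if bad:
                raise ValueError(f"phrase contains illegal {sorted(bad)}")
            parts.append(re.escape(args[0]))
        elif kind == "character":
            name, low, high = args
            parts.append(f"{CHAR_CLASSES[name]}{{{low},{high}}}")
        else:
            raise ValueError(f"unknown rule type: {kind}")
    return re.compile("".join(parts))


# The four rules from the page's example, in the same order.
EXAMPLE_RULES = [
    ("predefined", "Australian Business Number"),
    ("phrase", "search-this-business-number"),
    ("character", "Digit", 1, 3),
    ("phrase", "and-this-second-part"),
]

# Constructed sample text; the 11 digits are only a placeholder value.
SAMPLE = "ref 12345678901search-this-business-number42and-this-second-part ok"

if __name__ == "__main__":
    print(compile_rules(EXAMPLE_RULES).search(SAMPLE).group(0))
```

Use fullmatch on the compiled pattern to test a single candidate string, and search to test a line of text that may contain a match.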