Exact Data Match Rules
Exact Data Match Rules
On the EDM Rules page, you can create rules that define the matching criteria for Cyberhaven to track specific data. These rules enable you to monitor the movement of sensitive information that has specific values or clearly defined attributes within your environment.
To access this page, navigate to Preferences > Content matching rules > EDM Rules.
EDM Rules page
The EDM Rules page displays a table with the following details for all the rules you have created.
Name: The name used to identify the rule.
Status: Arule can have the following statuses.
Not generated: This status is displayed when you click Save to create a rule. It indicates that the rule creation is in progress.
Available: The rule is available for use in datasets.
Pending: This status is displayed when you update a rule and click Save. It indicates that the changes are being saved.
Active: The rule is being actively used in a dataset.
Database: The name of the database used in this rule. See, Database Management menu.
Used in: The number of datasets where this rule is being used. Click on the number to see the list of datasets.
Created at: Displays the date and time when the rule was created.
Version: Indicates how many times a rule has been updated.
Last edited: Displays the date and time when the rule was most recently updated.
To select or deselect columns, click the gear icon at the right end of the table's header row.
Each column has an action menu, enabling you to hide the column, pin it, or apply filters to the columns.
Creating a new EDM Rule
1. Click New Rule. The New Rule panel is displayed on the right side of the page.
2. Enter a rule name. The rule name can only contain letters, numbers, spaces, hyphens, and underscores.
3. Select a database from the drop-down list. For information on how to upload a database of your sensitive information to the Cyberhaven Console, see Exact Data Match Command Line Interface Tool.
4. Next, select a primary match field. This is the main field used to identify matching data.
5. Select the secondary match fields. Cyberhaven will use these fields along with the primary match field for additional matches in the data.
6. Enter the number of secondary matches required to identify matching data.
For example, setting this number to 0 means Cyberhaven will only consider the primary match field for data matching. If set to 1,
Cyberhaven will use one additional secondary match field alongside the primary field for data matching.
7. Click Save to create the new rule.
This rule can now be used in a dataset to identify matching data in your data flow.
Using an EDM Rule in a Dataset
When an EDM rule is used in a dataset, Cyberhaven will monitor data sources for sensitive data that matches the exact values defined in the primary and secondary matching fields of your database.
1. On the Risks Overview page, click on Search by Source > Show more.
2. Under Content, click on Exact data match rules. Then click on the input field to view the EDM rules.
3. In the Exact Data Match Rules pop-up window, select the EDM rules you want to apply to your search criteria. Then click Apply.
4. Click on Condition to specify additional fields you want to search for in the source data and then click on Convert to Dataset at the bottom of the search by source panel.
The dataset can now be used in a policy to monitor the data flows at the destination and prevent the exfiltration of sensitive data.
Editing an EDM Rule
1. On the EDM Rules page, select the rule you want to update. The right panel displays the rule details.
2. Make changes to the rules and click Save.
When you update a rule the version number is incremented. The new version number is displayed in the "Version" column.
When the database used in a rule is updated, then the rule is automatically refreshed to use the latest database version.
Deleting an EDM Rule
1. On the EDM Rules page, select the action menu for the rule you want to delete.
2. Click Delete.
Rules with an Active status cannot be deleted.