An expression is data that has a certain structure. For example, credit card numbers typically have 16 digits and appear in the format “nnnn-nnnn-nnnn-nnnn,” making them suitable for expression-based detections.
IWSVA comes with a set of predefined expressions. These expressions cannot be modified or deleted.
IWSVA verifies these expressions using pattern matching and mathematical equations. After IWSVA matches potentially sensitive data with an expression, the data could also undergo additional verification checks.
Create customized expressions if none of the predefined expressions meet your requirements.
Expressions are a powerful string-matching tool. Ensure that you are comfortable with expression syntax before creating expressions. Poorly written expressions can dramatically impact performance.
When creating expressions:
- Refer to the predefined expressions for guidance on how to define valid expressions. For example, if you are creating an expression that includes a date, you can refer to the expressions prefixed with “Date.”
- Note that IWSVA follows the expression formats defined in Perl Compatible Regular Expressions (PCRE). For more information on PCRE, visit the following website:
- Start with simple expressions. Modify the expressions if they are causing false alarms or fine-tune them to improve detections.
There are several criteria that you can choose from when creating expressions. An expression must satisfy your chosen criteria before IWSVA subjects it to a DLP policy. The following table lists the criteria options for customized expressions.
Criteria | Rule | Example |
None | None | All: Names from US Census Bureau; Expression: [^\w]([A-Z][a-z]{1,12}(\s?,\s?|[\s]|\s([A-Z])\.\s)[A-Z][a-z]{1,12})[^\w] |
Specific characters | An expression must include the characters you have specified. In addition, the number of characters in the expression must be within the minimum and maximum limits. | US - ABA Routing Number; Expression: [^\w\\\/\{\.\-=&"]([0123678]\d{8})[^\w-\}+]; Characters: 0123456789; Minimum characters: 9; Maximum characters: 9 |
Suffix | Suffix refers to the last segment of an expression. A suffix must include the characters you have specified and contain a certain number of characters. In addition, the number of characters in the expression must be within the minimum and maximum limits. | All - Home Address; Expression: \D(\d+\s[a-z.]+\s([a-z]+\s){0,2}(lane|ln|street|st|avenue|ave|road|rd|place|pl|drive|dr|circle|cr|court|ct|boulevard|blvd)\.?[0-9a-z,#\s\.]{0,30}[\s|,][a-z]{2}\s\d{5}(-\d{4})?)[^\d-]; Suffix characters: 0123456789-; Number of characters: 5; Minimum characters in the expression: 25; Maximum characters in the expression: 80 |
Single-character separator | An expression must have two segments separated by a character. The character must be 1 byte in length. In addition, the number of characters left of the separator must be within the minimum and maximum limits. The number of characters right of the separator must not exceed the maximum limit. | All - Email Address; Expression: [^\w.]([\w\.]{1,20}@[a-z0-9]{2,20}[\.][a-z]{2,5}[a-z\.]{0,10})[^\w.]; Separator: @; Minimum characters to the left: 3; Maximum characters to the left: 15; Maximum characters to the right: 30 |
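The following added example (not IWSVA code and not from the original page) is an offline harness for trying an expression and its criteria against sample text before deploying it, so false alarms show up early. It assumes Python's re module as a stand-in for PCRE and reads the three criteria literally from the table; the function names and sample text are hypothetical.

```python
import re

# Expressions from the table above, written without embedded whitespace.
# Assumption: Python's re stands in for PCRE. re rejects the range-like
# "\w-\}" in the ABA expression, so that hyphen is escaped ("\w\-\}").
ABA = r'[^\w\\\/\{\.\-=&"]([0123678]\d{8})[^\w\-\}+]'
EMAIL = r'[^\w.]([\w\.]{1,20}@[a-z0-9]{2,20}[\.][a-z]{2,5}[a-z\.]{0,10})[^\w.]'

def specific_chars(data, chars, lo, hi):
    """Data holds at least one listed character (assumed reading); length in lo..hi."""
    return any(c in chars for c in data) and lo <= len(data) <= hi

def suffix(data, chars, n, lo, hi):
    """Last n characters all come from `chars`; total length within lo..hi."""
    return lo <= len(data) <= hi and len(data) >= n and all(c in chars for c in data[-n:])

def separator(data, sep, left_lo, left_hi, right_hi):
    """Exactly two segments around a 1-byte separator, each within its limits."""
    left, found, right = data.partition(sep)
    return (len(sep.encode()) == 1 and bool(found) and sep not in right
            and left_lo <= len(left) <= left_hi and len(right) <= right_hi)

def detect(text, expression, criterion=None):
    """Return captured strings that match the expression and pass the criterion."""
    # Pad so the leading/trailing guard classes can match at the text edges.
    hits = [m.group(1) for m in re.finditer(expression, f" {text} ")]
    return [h for h in hits if criterion is None or criterion(h)]

# Criteria values taken from the table rows for these two expressions.
def aba_rule(data):
    return specific_chars(data, "0123456789", 9, 9)

def email_rule(data):
    return separator(data, "@", 3, 15, 30)

# Constructed sample text, not real data.
SAMPLE = ("wire to routing 021000021 acct 99; "
          "contact jo@example.com or alice.smith@example.com")

if __name__ == "__main__":
    print("ABA:", detect(SAMPLE, ABA, aba_rule))
    print("Email, expression only:", detect(SAMPLE, EMAIL))
    print("Email, with criteria:", detect(SAMPLE, EMAIL, email_rule))
```

In the sample, the expression alone matches both addresses, while the separator criterion drops the one whose left segment is shorter than the 3-character minimum.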