add keyword dictionary and priority level
maycmlee committed Dec 12, 2023
1 parent eb72698 commit 8662e7d
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion content/en/sensitive_data_scanner.md
Expand Up @@ -42,6 +42,8 @@ Sensitive Data Scanner can be found under [Organization Settings][1].
- For Terraform, see the [datadog_sensitive_data_scanner_group][3] resource.
- **Define Scanning Rules:** A scanning rule determines what sensitive information to match within the data. Within a scanning group, add predefined scanning rules from Datadog's Scanning Rule Library or create your own rules from scratch to scan using custom regex patterns.
- For Terraform, see the [datadog_sensitive_data_scanner_rule][4] resource.
- **Create keyword dictionary**: Add keywords to provide additional context when matching regex conditions. For example, if you are scanning for a nine-digit credit card number, you can add keywords like `account number`, `bank card`, and `cc #` to refine the match.
- **Set priority level**: Set the priority level for the issues created when a match is made against this rule.

Sensitive Data Scanner supports Perl Compatible RegEx (PCRE), but the following patterns are not supported:
- Backreferences and capturing sub-expressions (lookarounds)
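Review bot: the two new bullets at the end of this hunk are rule-level settings placed at group level; "Set priority level ... against this rule" has no antecedent because the sibling bullets describe scanning groups and scanning rules in general. Nest both under "Define Scanning Rules" next to the Terraform sub-bullet, or reword "this rule" to "the rule". Two smaller points in the same lines: the example "a nine-digit credit card number" is doubtful, since card PANs are normally 13 to 19 digits (a nine-digit value is characteristic of a US Social Security number), so a sixteen-digit card number would make the example credible; and the keyword sentence should say whether a regex hit without a nearby keyword is still reported or is dropped, and over how many characters the keywords are searched, since that decides whether the dictionary raises precision or silently introduces false negatives. Style: the existing bullets put the colon inside the bold (`**Define Scanning Rules:**`), the new ones put it outside (`**Create keyword dictionary**:`).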
Expand All @@ -64,9 +66,11 @@ Sensitive Data Scanner supports Perl Compatible RegEx (PCRE), but the following

- **Define pattern:** Specify the regex pattern to be used for matching against events. Test with sample data to verify that your regex pattern is valid.
- **Define scope:** Specify whether you want to scan the entire event or just specific attributes. You can also choose to exclude specific attributes from the scan.
- **Add tags:** Specify the tags you want to associate with events where the values match the specified regex pattern. Datadog recommends using `sensitive_data` and `sensitive_data_category` tags. These tags can then be used in searches, dashboards, and monitors.
- **Create keyword dictionary**: Add keywords to provide additional context when matching regex conditions. For example, if you are scanning for a nine-digit credit card number, you can add keywords like `account number`, `bank card`, and `cc #` to refine the match.
- **Process matching values:** Optionally, specify whether you want to redact, partially redact, or hash matching values. When redacting, specify placeholder text to replace the matching values with. When partially redacting, specify the position (start/end) and length (# of characters) to redact within matching values. Redaction, partial redaction, and hashing are all irreversible actions.
- **Add tags:** Specify the tags you want to associate with events where the values match the specified regex pattern. Datadog recommends using `sensitive_data` and `sensitive_data_category` tags. These tags can then be used in searches, dashboards, and monitors.
- **Name the rule:** Provide a human-readable name for the rule.
- **Set priority level**: Set the priority level for the issue created when a match is made against this rule.

{{< img src="sensitive_data_scanner/sds_rules_28_03_23.png" alt="A Sensitive Data Scanner custom rule" style="width:90%;">}}

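Review bot: the "Add tags" bullet is moved from before "Process matching values" to after it, and the commit message ("add keyword dictionary and priority level") does not mention the move; if the rule form now presents tags after redaction, say so in the message, otherwise leave the bullet where it was so the diff is limited to the two additions. In the added lines, "**Set priority level**: Set the priority level for the issue created" restates its own heading; the reader needs the available levels and what the level changes (notification, ordering, or something else), or a link to where that is documented. "issue created" here versus "issues created" in the earlier hunk should be made consistent. The keyword-dictionary sentence is copied verbatim from the earlier hunk, including the "nine-digit credit card number" example, so fix it in both places (card PANs are 13 to 19 digits). Colon placement again differs from the neighbouring bullets.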