System-Provided Sensitive Data Types
Each intrusion policy includes system-provided data types for detecting commonly used data patterns such as credit card numbers, email addresses, U.S. phone numbers, and U.S. Social Security numbers with and without dashes.
Each system-provided data type is associated with a single sensitive data preprocessor rule that has a generator ID (GID) of 138. You must enable the associated sensitive data rule in the intrusion policy to generate events and, in an inline deployment, drop offending packets for each data type that you want to use in your policy.
The following table describes each data type and lists the corresponding preprocessor rule.
|
Data Type |
Description |
Preprocessor Rule GID:SID |
|---|---|---|
|
Credit Card Numbers |
Matches Visa®, MasterCard®, Discover® and American Express® fifteen- and sixteen-digit credit card numbers, with or without their normal separating dashes or spaces; also uses the Luhn algorithm to verify credit card check digits. |
138:2 |
|
Email Addresses |
Matches email addresses. |
138:5 |
|
U.S. Phone Numbers |
Matches U.S. phone numbers adhering to the pattern
|
138:6 |
|
U.S. Social Security Numbers Without Dashes |
Matches 9-digit U.S. Social Security numbers that have valid 3-digit area numbers, valid 2-digit group numbers, and do not have dashes. |
138:4 |
|
U.S. Social Security Numbers With Dashes |
Matches 9-digit U.S. Social Security numbers that have valid 3-digit area numbers, valid 2-digit group numbers, and dashes. |
138:3 |
To reduce false positives from 9-digit numbers other than Social Security numbers, the preprocessor uses an algorithm to validate the 3-digit area number and 2-digit group number that precede the 4-digit serial number in each Social Security number. The preprocessor validates Social Security group numbers through November 2009.