Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Profile: base/compliance.toml

Source

  • Original path: profiles/base/compliance.toml

Profile (TOML)

# Compliance Profile
# Detects PII and other regulated data for compliance scanning

decode = ["base64", "percent-encoding"]

[[patterns]]
  name = "Email Address"
  pattern = "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}"
  type = "regex"

[[patterns]]
  name = "US Social Security Number"
  pattern = "\\b\\d{3}-\\d{2}-\\d{4}\\b"
  type = "regex"

[[patterns]]
  name = "US Social Security Number (No Dashes)"
  pattern = "\\b\\d{9}\\b"
  type = "regex"

[[patterns]]
  name = "Credit Card Number (Visa)"
  pattern = "\\b4\\d{3}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b"
  type = "regex"

[[patterns]]
  name = "Credit Card Number (MasterCard)"
  pattern = "\\b5[1-5]\\d{2}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b"
  type = "regex"

[[patterns]]
  name = "Credit Card Number (Amex)"
  pattern = "\\b3[47]\\d{2}[\\s-]?\\d{6}[\\s-]?\\d{5}\\b"
  type = "regex"

[[patterns]]
  name = "Credit Card Number (Discover)"
  pattern = "\\b6011[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b"
  type = "regex"

[[patterns]]
  name = "Credit Card Number (Generic)"
  pattern = "\\b\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}[\\s-]?\\d{4}\\b"
  type = "regex"

[[patterns]]
  name = "UK National Insurance Number"
  pattern = "(?:[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z])(?:\\s*\\d\\s*){6}([A-D]|\\s)"
  type = "regex"

[[patterns]]
  name = "Canadian SIN"
  pattern = "\\b\\d{3}-\\d{3}-\\d{3}\\b"
  type = "regex"

[[patterns]]
  name = "Phone Number (US)"
  pattern = "(?:\\+1[\\s-]?)?\\(?\\d{3}\\)?[\\s.-]?\\d{3}[\\s.-]?\\d{4}"
  type = "regex"

[[patterns]]
  name = "Phone Number (International)"
  pattern = "\\+\\d{1,3}[\\s.-]?\\(?\\d{1,4}\\)?[\\s.-]?\\d{1,4}[\\s.-]?\\d{1,9}"
  type = "regex"

[[patterns]]
  name = "IP Address (IPv4)"
  pattern = "\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b"
  type = "regex"

[[patterns]]
  name = "IP Address (IPv6)"
  pattern = "(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}"
  type = "regex"

[[patterns]]
  name = "MAC Address"
  pattern = "(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}"
  type = "regex"

[[patterns]]
  name = "US Passport Number"
  pattern = "\\b[0-9]{9}\\b"
  type = "regex"

[[patterns]]
  name = "IBAN"
  pattern = "[A-Z]{2}\\d{2}[A-Z0-9]{4}\\d{7}(?:[A-Z0-9]{0,16})?"
  type = "regex"

[[patterns]]
  name = "Date of Birth"
  pattern = "(?:dob|birth(?:day|date)|born)\\s*[:=]?\\s*(?:\\d{1,2}[/-]\\d{1,2}[/-]\\d{2,4}|\\d{4}[/-]\\d{1,2}[/-]\\d{1,2})"
  case-insensitive = true
  type = "regex"

[[patterns]]
  name = "Driver License"
  pattern = "(?:driver[\\s']?license|DL)\\s*[:=#]?\\s*[A-Z0-9]{5,20}"
  case-insensitive = true
  type = "regex"

[[patterns]]
  name = "Medical Record Number"
  pattern = "(?:mrn|medical.?record)\\s*[:=#]?\\s*\\d{5,10}"
  case-insensitive = true
  type = "regex"

[[patterns]]
  name = "Health Insurance Number"
  pattern = "(?:health.?insurance|policy)\\s*[:=#]?\\s*[A-Z0-9]{5,20}"
  case-insensitive = true
  type = "regex"

[[signatures]]
  name = "Files with Multiple PII Types"
  query = "SELECT sha256, COUNT(DISTINCT pattern_name) as pii_types FROM pattern_matches WHERE pattern_name LIKE '%Number%' OR pattern_name LIKE '%Address%' OR pattern_name LIKE '%Insurance%' GROUP BY sha256 HAVING pii_types > 2"

[[signatures]]
  name = "Files with Email and Phone"
  query = "SELECT sha256 FROM pattern_matches WHERE pattern_name = 'Email Address' INTERSECT SELECT sha256 FROM pattern_matches WHERE pattern_name LIKE '%Phone%'"