Cisco Cisco Firepower Management Center 4000
28-23
FireSIGHT System User Guide
Chapter 28 Detecting Specific Threats
Detecting Sensitive Data
edit them under the sensitive-data rule category.
The following table describes each data type and lists the corresponding preprocessor rule that you must
enable to enable detection and event generation for the data type.
enable to enable detection and event generation for the data type.
To reduce false positives from 9-digit numbers other than Social Security numbers, the preprocessor uses
an algorithm to validate the 3-digit area number and 2-digit group number that precede the 4-digit serial
number in each Social Security number. The preprocessor validates Social Security group numbers
through November 2009.
an algorithm to validate the 3-digit area number and 2-digit group number that precede the 4-digit serial
number in each Social Security number. The preprocessor validates Social Security group numbers
through November 2009.
Configuring Sensitive Data Detection
License:
Protection
You can modify default global settings and settings for individual data types. You must also enable the
preprocessor rule for each data type you want to detect.
preprocessor rule for each data type you want to detect.
If you enable sensitive data preprocessor rules in your policy without enabling sensitive data detection,
you will be prompted to enable sensitive data detection when you save changes to your policy. See
you will be prompted to enable sensitive data detection when you save changes to your policy. See
for more information.
The following table describes actions you can take on the Sensitive Data Detection page.
Table 28-9
Sensitive Data Types
Data Type
Description
Preprocessor Rule
GID:SID
GID:SID
Credit Card Numbers
Matches Visa®, MasterCard®, Discover® and American Express®
fifteen- and sixteen-digit credit card numbers, with or without their
normal separating dashes or spaces; also uses the Luhn algorithm to
verify credit card check digits.
fifteen- and sixteen-digit credit card numbers, with or without their
normal separating dashes or spaces; also uses the Luhn algorithm to
verify credit card check digits.
138:2
Email Addresses
Matches email addresses.
138:5
U.S. Phone Numbers
Matches U.S. phone numbers adhering to the pattern
(\d{3})
?\d{3}-\d{4}
.
138:6
U.S. Social Security
Numbers Without Dashes
Numbers Without Dashes
Matches 9-digit U.S. Social Security numbers that have valid 3-digit
area numbers, valid 2-digit group numbers, and do not have dashes.
area numbers, valid 2-digit group numbers, and do not have dashes.
138:4
U.S. Social Security
Numbers With Dashes
Numbers With Dashes
Matches 9-digit U.S. Social Security numbers that have valid 3-digit
area numbers, valid 2-digit group numbers, and dashes.
area numbers, valid 2-digit group numbers, and dashes.
138:3
Custom
Matches a user-defined data pattern in the specified traffic. See
for more information.
138:>999999
Table 28-10
Sensitive Data Configuration Actions
To...
You can...
modify global settings
see the
table for information on the global settings you
can modify.
modify data type options
click the data type name in the Targets page area.
The Configuration page area updates to display the current settings for the data type. See the
table for information on the options you can modify.