Skip to main content
Version: v4.13

Get Automatic Data Map suggestions​

Cyral's Automatic Data Map feature, called the Repo Crawler, scans your repositories to find data that looks like it should be protected. As a data security administrator, you can accept or reject the Repo Crawler's recommendations as explained below.

Specify data patterns to match for Automatic Data Map

Prerequisites

Make sure your Cyral administrator has installed and run the Repo Crawler.

Procedure

Cyral uses data labels to mark data locations to be secured. Each pending suggestion represents a match of one or more data labels. To view the labels:

  1. In the Cyral control plane UI, click Data Labels.
  2. Click Predefined Labels to see Cyral's built-in data labels.
  3. You can enable or disable each data label for use in Automatic Data Map. Toggle the on/off switch to the right of the data label's name. When a data label is disabled, the crawler will not use it in the classification routine.
tip

If the predefined data labels described below don't include the type of data you want to scan for, then you can define a custom data label for use with Automatic Data Maps. Caution! Setting up custom data labels is an advanced configuration. Contact Cyral support if you need assistance.

Patterns that match Cyral's predefined data labels

For each predefined data label, these are the criteria that will trigger a match in the Repo Crawler:

  • ADDRESS matches common street address and post office box address formats
  • AGE finds data locations that are observed to contain only integers that might represent a person's age
  • CCN matches most common credit card numbers
  • SSN matches North American-style tax identification numbers
  • EMAIL matches values that contain an "@" symbol followed by a domain name
  • IP ADDRESS matches IPv4 and IPv6 addresses
  • PHONE matches US and Canadian telephone numbers

For data types not covered by the above data labels, you must set up a custom data label and classifier.

Review and accept Data Map suggestions​

The Cyral Repo Crawler runs on a regular schedule to find data locations that might need to be secured. It provides recommendations in the form of suggested Data Map entries. After you approve the addition of a suggested Data Map entry, it works just like other Data Map entries, providing the protection you've specified in your Cyral policies.

To review the Repo Crawler's latest recommendations:

  1. Click Data Repos ➡️ click your repo's name ➡️ Data Labels ➡️ Mappings.

  2. If there are new suggestions, a blue pending suggestions bar appears at the top of the panel. Click the blue bar to expand it.

  3. Click ✔️ to accept a mapping or ❌ to reject it. Mappings you accept will be protected according to the rules in your policy.

List recent Automatic Data Map activity

To review recent Repo Crawler runs and rejected Data Map suggestions for a specific repo, click Data Repos ➡️ click your repo's name ➡️ Data Labels ➡️ Auto Updates.

To see the current set of active mappings, click Data Labels ➡️ View as YAML in your repo's Details panel.