Detection Rules in 1Protection.AI are customizable settings that define the types of sensitive information your organization seeks to protect, alongside thresholds for determining violations. Detection Rules allow you to specify conditions that, when met, trigger an alert or policy action across any 1Protection integration.

Configuring Detection Rules

A Detection Rule can contain a single Detector or multiple Detectors, based on the types of data you need to monitor. When setting up a Detection Rule, you can customize the following parameters:

• Detectors Selection: Choose one or more Detectors relevant to the Detection Rule. For instance, a rule could include detectors for Credit Card Numbers, API Keys, and Passwords to comprehensively protect against financial and authentication data exposure.

• Thresholds for Minimum Confidence and Findings:

  • Minimum Confidence: Set the confidence level for a Detector to consider a finding valid. Higher confidence ensures accuracy, while lower confidence broadens the scope of detection.

  • Minimum Number of Findings: Specify the minimum number of findings within a single scan to trigger a violation.

Detection Rules can combine Detectors using AND or OR logic:

• AND Logic: All selected Detectors must flag a finding for the rule to trigger a violation, adding specificity to the rule.

• OR Logic: Only one of the selected Detectors needs to detect sensitive information to trigger a violation, broadening the rule’s application.

It’s important to note that adding multiple Detectors to a Detection Rule may increase processing time, so balance your selection according to your organization’s risk tolerance and response needs.