Cloud Storage Security Help Docs
Release Notes
  • Introduction
  • Getting Started
    • How to Subscribe
      • Pay-As-You-Go (PAYG)
      • Bring Your Own License/GovCloud (BYOL)
      • AWS Transfer Family
    • How to Deploy
      • Steps to Deploy
      • Advanced Deployment Considerations
      • AWS Transfer Family
    • How to Configure
  • Console Overview
    • Dashboard
    • Malware Scanning
      • AWS
        • Buckets
        • Amazon EBS Volumes
        • Amazon EFS Volumes
        • Amazon FSx Volumes
        • WorkDocs Connections
      • Azure
        • Blob Containers
      • GCP
        • GCP Buckets
    • See What's Infected
      • Findings
      • Malware History
      • Results
    • Schedules
    • Monitoring
      • Error Logs
      • Bucket Settings
      • Deployment
      • Jobs
      • Notifications
      • Storage Assessment
      • Usage
    • Configuration
      • Classification Rule Sets
      • Classification Custom Rules
      • Scan Settings
      • Console Settings
      • AWS Integrations
      • Job Networking
      • API Agent Settings
      • Proactive Notifications
      • License Management
      • Event Agent Settings
    • Access Management
      • Manage Users
      • Manage Accounts
        • Linking an AWS Account
        • Linking an Azure Account
        • Linking a GCP Account
      • Manage Groups
    • Support
      • Getting Started
      • Stay Connected
      • Contact Us
      • Documentation
  • Product Updates
  • How It Works
    • Scanning Overview
      • Event Driven Scanning for New Files
      • Retro Scanning for Pre-Existing Files
      • API Driven Scanning
    • Architecture Overview
    • Deployment Details
    • Sizing Discussion
    • Integrations
      • AWS Security Hub
      • AWS CloudTrail Lake
      • AWS Transfer Family
      • Amazon GuardDuty
      • Amazon Bedrock
    • Demo Videos
    • Scanning APIs
    • SSO Integrations
      • Entra ID SSO Integration
      • Okta SSO Integration
  • Frequently Asked Questions
    • Getting Started
    • Product Functionality
    • Architecture Related
    • Supported File Types
  • Troubleshooting
    • CloudFormation Stack failures
    • Cross-Region Scanning on with private network
    • API Scanning: Could not connect to SSL/TLS (v7)
    • Password not received after deployment
    • Conflicted buckets
    • Modifying scaling info post-deployment
    • Objects show unscannable with access denied
    • Remote account objects not scanning
    • My scanning agents keep starting up and immediately shutting down
    • I cannot access the management console
    • Linked Account Out of Date
    • Rebooting the Management Console
    • Error when upgrading to the latest major version
    • I Cannot Create/Delete an API Agent
  • Release Notes
    • Latest (v8)
    • v7
    • v6 and older
  • Contact Us & Support
  • Data Processing Agreement
  • Privacy Policy
Powered by GitBook
On this page
  • Creating a custom rule
  • Using Amazon Bedrock to create RegEx rules
  1. Console Overview
  2. Configuration

Classification Custom Rules

PreviousClassification Rule SetsNextScan Settings

Last updated 5 months ago

If you have Data Classification enabled you will see this Classification Custom Rules page under the Configuration section.

Effective data classification requires policies and rulesets that are written for particular types of information. Along with out of the box rules, you are able to create your own custom rules using Regular Expressions (RegEx). Once created you can add these rules to a custom rule set and use them to classify your text based objects.

Creating a custom rule

After clicking the Create Rule button you can enter a name, description, and regular expression for your rule. Once you save the rule, you'll be able to use it as part of a custom classification rule set.

Using Amazon Bedrock to create RegEx rules

To get started, you’ll need to enable the Amazon Bedrock integration. Then you can navigate to Configuration in the navigation of your AV console and click on Classification Custom Rules. From there, click the “Create Rule” button. In the popup, enter a name and description, then click on “Create expression using Amazon Bedrock” to have the RegEx built for you.

For example, to create a RegEx rule that identifies certain credit card numbers, enter the Prompt “create a regular expression that discovers all American Express credit card numbers”. Then select Send Prompt to generate a RegEx rule that can be used. Each response is accompanied by an explanation of the RegEx. Click “save”.

If you’re a RegEx pro, custom classification rules can be created without the assistance of Bedrock—simply enter the regular expression, add a name plus description, and hit “save” to create the rule.

Crafting RegEx policies is often challenging because the syntax can be complex and dense. Our integration with simplifies this process by leveraging the power of artificial intelligence. All you need to do is enter a simple text prompt to identify patterns or text and the exact value you need for the rule will be created.

Amazon Bedrock