Response Rules options:
This is list of options for response rules.
These options are saved inside rules configuration file. It contains both request and response rules. The filename depends on the name of the rule list → nameOfRuleList.conf.
These are stored in the following format under responseRules:
"responseRules": [
{
"enabled": true,
"type": "c",
"patterns": [
"columnsEndsWith:name"
],
"rowPatterns": [
"k"
],
"operator": "AND",
"columnNameOperator": "AND",
"intrans": false,
"properties": {
"honeyTokenAlert": "true"
}
},
]
Each rule might have: * enabled - Boolean to indicate if the rule is active. * type - Action of the rule inside the configuration file, such as Q → Allow. * Patterns - The Java regex for columns to match on. Column Name Regex from GUI. * rowPatterns - The Java regex for row to match on. * intrans - Determine if rule matches in transactions or only on auto-commit mode. * properties - Parameters and their values for given rule. * notes - Extra notes that can be left, their presence is marked by message icon next to enabled option. Editable after clicking edit button.
⚠️ Note: You can use SHIFT with mouse scroll to scroll horizontally!
| Key | Type | Description |
|---|---|---|
| Alert Row | c | Raise an alert if the response data conditions are met (there is a match for Column Name Regex and Column Row Regex) |
| Delete Row | a | Deletes the matching rows from result set (might be used on metadata as well). |
| Mask Row | b | Masking row of data from result set |
| Tokenize Row | d | Tokenization of result set data. Tokens generated during tokenization are stored within the designated database indicated by the specified datasource. Notably, the maximum supported length for string data is limited to Varchar(255). |
Rule Specific Parameters
For Alert Row:
| Key | Description |
|---|---|
| honeyTokenAlert | Raise alert if queried for a "honey token" (if all conditions were met) |
| rowCountsAlert | Raise alert if more than a certain number of rows are queried as a result of a single query. (ColumnRowRegex field should be left blank, otherwise the alert will be promoted when at least one match is made in a row and other conditions are met - so basically it's looking for "token" that will trigger alerts) |
For Mask Row and Tokenize Row:
| Key | Description |
|---|---|
| replaceWith | Specifies with which string, data should be replaced. (This field is mandatory) |
| replaceType | Specifies the type of replacement, whether we should replace Each string/character or All with value provided by replaceWith field. |
| replaceFirst | Specifies how many first characters to replace with the given string provided in the replaceWith field. |
| replaceExceptFirst | Specifies how many of the first characters are left unchanged and the rest will be replaced. |
| replaceLast | Specifies how many of the last characters should be replaced with the given string specified in the replaceWith field. |
| replaceExceptLast | Specifies how many of the last characters are left unchanged and the rest will be replaced. |
| replaceAll | Specifies whether whole row of data should be replaced. Should not be combined with other masking actions (as the result will be returned immediately). |
| replaceBeforeString | Specifies delimiter and number of characters (in that order) to replace before given delimiter. Can be usefully with email masking. |
| replaceExceptFirstBeforeString | Specifies delimiter and number of characters (in that order) that should remain unchanged (counting form the beginning of the delimiter) and the rest of the string will be masked to the specified delimiter. |
| replaceAfterString | Specifies delimiter and number of characters (in that order) to replace after the given delimiter. |
| replaceExceptLastAfterString | Specifies delimiter and number of characters (in that order) that should remain unchanged (counting form the end of the delimiter) and the rest of the string will be masked to the specified delimiter. |
| replaceFirstRegex | Specifies the regex how the field should be replaced, matches only the first matching regex pattern. The replaceType field has no effect on regular expression processing. |
| replaceAllRegex | Specifies the regex how to replace the field, matches all matching regex. The replaceType field has no effect on regular expression processing. |
For Tokenize Row:
| Key | Description |
|---|---|
| excludedChars | This field specifies which characters should not be tokenized. It's allowed to specify multiple excluded chars by typing them all in the String field e.g. if '-' and '@' needs to be excluded, user should define them as '-@' in one String. (If no other replacement is specified the replaceAll will be taken from default) |