Skip to main content

Sensitive Field Identifiers [USER GUIDE]

  • Updated

Background & Purpose

Script behaviors related to accessing sensitive data - PCI, PII and credential data - are identified based on common field identifiers. 

In order to reduce the risk of false positives in websites where non-conventional names are set to fields, the ability to customize the field identifiers is available for eligible customers, for admin users.

These identifiers drive detection, redaction, and reporting for active data only; historical data remains tied to the rules in effect at collection time.

Who can use this

  • Admin users

Where to find it

Admin → Preferences → Sensitive Field Identifiers

 

Key concepts

  • Template: A named list of  customized identifiers that may be associated to one or many sites. One customized template is supported per account.

  • Source Defense template: Recommended template set by default to all accounts. It's auto-updated and cannot be deleted or edited.

  • Default template: The template used by default unless the site is explicitly assigned to a customized template (marked “default” in the tab name). New accounts default to the Source Defense template.

 

Actions available for custom template:

  • Rename (unique, ≤ 50 chars)

  • Assign/Unassign Sites (multi-select; moving a site here removes it from its previous template; removing a site sends it to the default template; sites list hidden if only the Source Defense template exists)

  • Set as default (hidden if already default)

  • Delete template (only if no sites related to the template)

  • Publish All table edits are staged and only applied after 'Publish'

Clone (one-time):

  • From Source Defense template, click Clone → creates Source Defense – Copy.

  • After a custom template exists, Clone is removed.

 

 

Sensitive Fields table

Columns

  • Sensitive data type (closed list: Accessing PII Data, Accessing PCI Data, Accessing Credential Data, Accessing Data)

  • Name 

  • Wildcard (supports * at start and/or end; e.g., *password*; ≤ 50 chars)

  • Description (optional, ≤ 100 chars)

Search & sort

  • Free-text search across Type, Name, Wildcard

  • Sort by Sensitive data type or Name (ASC/DESC; default ASC by Type)

Row actions

  • Add / Edit

    • Required: Sensitive data type, Name, Wildcard

    • Wildcard rules:

      • Valid: *term, term*, *term*

      • Invalid: asterisk in the middle (e.g., pa*ssword) → show term in red + “Please enter a valid wildcard”

    • Duplicates within the same template → “Wildcard already exists.”

    • Confirm (saves to the table but not to DB) / Cancel

    • Changed rows appear bold until publish

  • Delete

    • Row turns gray until publish

All table edits are staged and only applied after Publish.

 

FAQs

Does changing a wildcard affect past reports?
No. Only future detection/redaction/reporting after publish.

Why can’t I clone again?
Only one custom template is allowed. After cloning once, the Clone button is removed.

Why can’t I delete a template?
It must have no associated sites and cannot be the default or the Source Defense template.

What happens when I remove a site from a custom template?
It automatically falls back to the default template.

Related articles