In addition to using , you may define Detection Rules within the body of your scan method by either supplying:
the identifier of one of Nightfall's
the UUID of an a Detector defined through the UI
a Regular Expression
a Word List.
Built In Detectors
Out of the box, Nightfall comes with an of native detectors.
In the example below two of Nightfall's native Detectors (detectorType = "NIGHTFALL_DETECTOR") are being used:
US_SOCIAL_SECURITY_NUMBER
CREDIT_CARD_NUMBER.
When defining a Detection Rule in line, you configure the minimum (minConfidence) and minimum number of times the match must be found (minNumFindings) for the rule to be triggered. .
In the payload body, you can see that we are submitting a list of three different strings to scan (payload). The first will trigger the U.S. Social Security Detector. The last will trigger the credit card Detector. The middle example will trigger neither.
For more information on the parameters related to redaction, see .
curl --request POST \
--url https://api.nightfall.ai/v3/scan \
--header 'Authorization: Bearer NF-rEpLaCeM3w1ThYoUrNiGhTfAlLKeY123' \
--header 'Content-Type: application/json' \
--data '{
"policy": {
"detectionRules": [
{
"detectors": [
{
"detectorType": "NIGHTFALL_DETECTOR",
"nightfallDetector": "US_SOCIAL_SECURITY_NUMBER",
"minNumFindings": 1,
"minConfidence": "LIKELY",
"displayName": "US Social Security Number"
},
{
"detectorType": "NIGHTFALL_DETECTOR",
"nightfallDetector": "CREDIT_CARD_NUMBER",
"minNumFindings": 1,
"minConfidence": "LIKELY",
"displayName": "Credit Card Number",
"redactionConfig": {
"maskConfig": {
"maskingChar": "π",
"charsToIgnore": ["-"]
}
}
}
],
"name": "My Match Rule",
"logicalOp": "ANY"
}
]
},
"payload": [
"The customer social security number is 458-02-6124",
"No PII in this string",
"My credit card number is 5310-2768-6832-9293"
]
}'
Below is the response payload to the previous request.
The following example shows a Detection Rule composed of two Detectors defined using regular expressions β one for the format of an International Standard Recording Code (ISRC) and one for the format of an International Standard Musical Work Code (ISWC) β matching either of which will trigger the Detection Rule (by using the logicalOp βAnyβ).
We will provide a payload of two strings, one of which will match the ISRC and one of which will match the ISWC.
The returned response demonstrates how findings are returned, with a finding per payload entry and the Detection Rule and Detector that matched the payload, if any.
The byte range that triggered the match is also provided. In the case of the 2nd item in the payload, since the match occurred at the beginning of the string, it has a location where the byteRange start is 0. In the case of the 3rd payload entry the location offset is 31.
The following example shows how a word list may be used instead of a regular expression.
curl --location --request POST 'https://api.nightfall.ai/v3/scan' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'x-api-key: NF-rEpLaCeM3w1ThYoUrNiGhTfAlLKeY123' \
--data-raw '{
"config": {
"detectionRules": [
{
"detectors": [
{
"wordList": {
"values": [
"cat",
"dog",
"rat"
],
"isCaseSensitive": false
},
"minNumFindings": 1,
"minConfidence": "POSSIBLE",
"displayName": "animals",
"detectorType": "WORD_LIST"
}
],
"name": "WordListExamples",
"logicalOp": "ANY"
}
]
},
"payload": [
"THE CAT SAT ON THE MAT",
"The dog and the rat are on the west bank of the river",
"No one here but use chickens"
]
}'
Below is the resulting payload with the findings detected in our different payload strings.
Note that since the isCaseSensitive flag is set to "false" for the detector, so the first string in our payload matches a word from our word list.
Also note that the confidence level for a word list match defaults to "LIKELY" so you should not set a minConfidence level higher than that if you want matches to result.
