DeviceLock Content Security Server : Using Search Server : Performing a search : Managing content-aware search groups : Pattern groups
  
Pattern groups
Pattern groups enable the server to find log records and data objects (such as files, e-mails, or instant messages) by matching their text content to regular expressions, referred to as “patterns”. Regular expressions provide a way to search for complex combinations of characters like credit card numbers, social security numbers, e-mail addresses or phone numbers. Pattern groups employ Perl regular expressions, described at perldoc.perl.org/perlrequick.html and perldoc.perl.org/perlretut.html.
By using Pattern groups, one could find, for example, shadow copies containing character strings that match specific regular expressions. Such a group can be configured to specify the desired regular expression/s and other search settings (see Setting up, viewing or changing a Pattern group). Then the server can search for objects that match the regular expression/s from that group.
Search Server provides a wide selection of predefined (built-in) Pattern groups. Administrators can use built-in groups as they are, create editable copies (duplicates) of built-in groups, or create new, custom groups to suit a particular organization’s needs. Built-in groups make it easy to configure search requests without necessarily having to define custom groups. Review a list of built-in Pattern groups for further details.
For built-in groups of this type, one can only view their regular expressions and other settings in the dialog box described in the section that follows. Changing built-in groups is not allowed. To change the pattern logic of a built-in group, create an editable copy of it by duplicating the group (see Dialog box for managing search groups).
Setting up, viewing or changing a Pattern group
When creating, duplicating, viewing, or editing a Pattern group (see Dialog box for managing search groups), the console employs a dialog box with the following group setting control fields:
Name, Description - Set, view, or change the name and description of the group.
Expression - View, add, or change the regular expression/s for this group. One or more expressions can be entered by typing in the Expression field, with just one expression per line. For details on regular expressions, refer to the tutorials at perldoc.perl.org/perlrequick.html and perldoc.perl.org/perlretut.html.
When matching a data object to the group during a search, the server counts the total number of data matches with the expression/s specified in this field, and concludes whether the object matches the group depending upon the search condition selected.
Validate - Check the regular expression syntax.
Validation - When configured to perform validation, the group detects a match only in case of a match to the selected validation type in addition to the regular expression specified. To match the group, data needs to match the expression and additionally pass the validation.
If No validation is selected in this field, the group does not perform validation. To match the group in this case, data only needs to match the expression specified.
To configure validation, select the desired type from the drop-down list in this field.
Case sensitive - When this check box is selected, the group distinguishes between lowercase and uppercase characters. For example, the words Term and term in this case are considered different words, so the group can match the word Term but not term.
When this check box is cleared, the group does not distinguish between uppercase and lowercase characters. In this case, if Term matches such a group, then term or even tErM will match that group as well.
Visual anti-spoofing - When this check box is selected, the group identifies data matching its regular expression even if certain data characters are replaced with other ones similar in appearance or meaning, including:
Latin characters in the Russian text (such as Latin b in place of Russian ь)
Latin characters in place of certain numerals (such as Latin S in place of digit 5)
Russian characters in the English text (such as Russian п in place of Latin n)
Russian characters in place of certain numerals (such as Russian З in place of digit 3)
Certain symbols in place of Russian characters (such as * (asterisk) in place of Russian ж)
Numerals in place of certain Latin or Russian characters (such as digit 1 in place of Latin I or digit 4 in place of Russian Ч)
Arabic-Indic (Eastern Arabic) numerals in place of normal Arabic numerals (such as symbol ٣ in place of digit 3 or symbol ٨ in place of digit 8)
When this check box is cleared, the group strictly distinguishes characters regardless of whether or not they are similar in appearance or meaning.
Cyrillic transliteration - When this check box is selected, the group recognizes Cyrillic text to be detected regardless of whether the text is written in Cyrillic or Latin letters. For example, if the Russian word Серия matches the group, then the word Seriya will match it as well.
When this check box is cleared, the match of the text to the group strictly depends upon the alphabet used to spell the text. For example, the group can match the word Серия but not Seriya.
Advanced - Test the regular expression on sample data. Click Advanced to display or hide the Test sample box.
Test sample - Enter a test string to test and view the results. Test results are highlighted in real time. All matches to the group’s regular expression are displayed in green, and the character sequences not matching that expression are displayed in red.
 
Important:  
To provide a Pattern group with advanced search capabilities, it is necessary to select the Indexable check box for that group in the Dialog box for managing search groups. Otherwise, the group is only capable to search for a single word or sequence of digits, and the following group settings may function incorrectly or not function at all: Validation; Case sensitive; Visual anti-spoofing; Cyrillic transliteration.
For Pattern groups that do not require advanced search capabilities, the Indexable check box is selected by default and cannot be cleared.
After upgrading DeviceLock, rebuilding the search index may be required to search for credit card numbers and e-mail addresses in the data indexed by the old DeviceLock version. To rebuild the index, follow the instruction given in Rebuilding the index on demand and, when prompted, click Yes in the confirmation message box to replace the existing index with the new one.
You cannot use the built-in Credit Card Number Pattern group to find log records and data objects that contain credit card numbers of the MIR payment system. To search for such data, create and use a duplicate of the built-in Credit Card Number group.