You can customize the sensitive data classes that Metlo detects by editing the Metlo Config on the settings tab in your UI.

Metlo provides predefined sensitive data classes for

  • Email
  • Credit Card Number
  • Social Security Number
  • Phone Number
  • IP Address
  • Geographic Coordinates
  • Address

To disable any of these fields from being used by Metlo you can provide a list of classes under the disabledDataClass field. For example:

YAML
disabledDataClass:
  - IP_ADDRESS
  - PHONE_NUMBER

The allowed values are the following:
EMAIL, CREDIT_CARD, SSN, PHONE_NUMBER, IP_ADDRESS, COORDINATE, VIN, ADDRESS, DOB, DL_NUMBER.

You can also define your own Sensitive Data Classes for Metlo to use under the sensitiveData field. For example, if we wanted to make a data class which identifies fields which have the text key- or key. included in them, we would make the following rule:

YAML
sensitiveData:
  <custom-data-name>:
    severity: MEDIUM
    patterns:
      - "key-"
      - "key.*"

The format should be an object of key, value pairs with the keys being the name of the data class. The values should have a severity field to denote the risk score of the class and a patterns field which should have a list of regex patterns to use to identify that data class. The possible values for severity are HIGH, MEDIUM, LOW, and NONE.

AuthenticationAttack Detection