A glossary of the basic concepts of Cortex Cloud Data Security.
Notice
This feature is included with a Cortex XSIAM Premium license. It is also included with any other Cortex XSIAM license that has the Cloud Posture Security or Cloud Runtime Security add-on.
The following is a list of the basic concepts related to Cortex Cloud Data Security:
Data asset: Any asset that contains data in a customer environment.
Storage: A data asset that contains folders and files.
Database: A data asset that contains structured data in tables and columns. It can also contain semi-structured data (non-tabular data).
Disk: A type of data asset that is a VM disk in cloud environments such as EBS for AWS, managed disks in Microsoft Azure, and Persistent Disk in Google Cloud Platform (GCP). These can host files, folders, and databases.
Discovery: The process of detecting data assets in a customer environment.
Data classification: The process of scanning data for sensitive records and identifying the class and quantity of sensitive records within a data asset.
Object: A file in a storage asset or a column in a database asset.
Data pattern: The basic structure of data that is discovered in an object, such as an email address, an IP address, a phone number, a name, a credit card number, and a bank account number.
Data profile: A group or category of multiple data patterns sharing similar attributes. For example, personally identifiable information (PII) is a data profile that could include an email address, phone number, or name. Another example of a data profile is developer secrets, which might include a token, AWS key, or certificate.
Sensitive record: A record defined by a data pattern that is matched with a data object.
False positive: A case where certain data is detected as being a specific data pattern but actually matches a different data pattern or possibly should not match any data pattern at all.
Data security finding: Findings are security-related insights that are generated as part of data scanning but are not necessarily actionable. For example, “shadow backups found” is a finding that can be generated by the Cortex Cloud Data Security scanner.
Data security issues: Issues reflect actionable security risks that are generated by a Data Policy. For example, “sensitive public object in private asset” is an issue referencing a scenario where an object is publicly accessible while the asset configuration does not make it entirely public.