Data Classification governs how sensitive data is identified, categorized, and labeled across the platform. It serves as the foundational engine that powers both Data Security Posture Management (DSPM) cloud scanning and Endpoint Data Loss Prevention (DLP) detection capabilities.
Users can access Data Classification from both → → and → → . Data Classification includes the following:
Data Patterns: Definitions used to identify specific types of sensitive data.
Data Profiles: Logical groupings of data patterns used to assign severity and classification labels.
Global Settings: Overarching configurations for Optical Character Recognition (OCR), data masking, and preview samples.
Caution
Data Classification requires Cloud Posture Security, Cloud Runtime Security, or Cortex XSIAM Premium license.
System-provided (predefined) patterns cannot be edited or deleted regardless of permissions.
For more information, see What is Cortex Cloud Data Classification?.
Permissions | Description | Roles Example |
|---|---|---|
None | No access to Data Classification configuration. | SOC Tier-1 Analyst: Data classification configuration is outside Tier-1 triage responsibilities. |
View | Read-only access to all Data Classification configuration pages. The user can navigate to Data Patterns, Data Profiles, and Global Settings pages and see all existing configurations, but all actions are hidden or disabled. |
|
View/Edit | Full access to all Data Classification configuration pages. The user can view all configurations and has complete control to create new custom data patterns and profiles, edit existing custom items, duplicate patterns and profiles, delete custom items, enable/disable patterns and profiles, and modify Global Settings (OCR, masking, preview samples). | Security Engineer: Primary responsibility for defining and maintaining data classification rules. |