Fingerprint classifiers
The Properties link for a database classifier opens a page with two tabs: General and Properties. Use the General tab for field selection and the Properties tab to define the threshold and email fields described in above.
For database records classifiers, the page displays table field (or column) names. Select the fields to scan (up to 32 per table).
For endpoints, the number of fields selected for a database fingerprinting classifier can affect accuracy. For the most accurate results, scan 3 or more fields.
- If only one field is being scanned, set a minimum threshold of 5 to reduce the likelihood of unintended matches. (When an administrator attempts to set a lower threshold, the system changes it to 5.)
- If 2 fields are scanned, set the minimum threshold to 3 or more. (Trigger an incident when 3 or more field1/field2 combinations are detected.)
| Number of Fields | Minimum Threshold |
|---|---|
| 1 | 5 |
| 2 | 3 |
| 3 or more | 1 |
Note: If a condition applies to both network and endpoint resources, the threshold is changed for the endpoint only. Network resources retain the threshold you define on the Properties
tab.
For more information on creating fingerprint classifiers, see Database fingerprinting section.