Create Custom Detectors

Note:
  • Fuzzy matching capabilities can only be added through JSON uploads.
  • Query Name must have at least 5 characters.
  • The Contain field does not accept restricted symbols such as: +-&&||!(){}[]^"~?:NOT AND. If you enter one, the system will remove it before you save.

To enter fuzzy terms, use the attached examples, replacing the queryId and query information as needed. Importing the file adds the Detector to the UI.

How to:
  1. Customize your JSON file.
  2. Log in to the Forcepoint DSPM UI.
  3. Go to Administration > Detectors.
  4. On the top right of the page, click on EXPORT to save a backup file of all Detectors.
  5. On the top right of the page click on Import from file.
  6. Select your custom JSON saved on your computer and click Open.
  7. A message in the top right corner will confirm that your Detector was added.

Fuzzy Searches

Lucene supports fuzzy searches based on the Levenshtein Distance, or Edit Distance, algorithm. To do a fuzzy search, use the tilde symbol, "~", at the end of a single-word term. For example, to search for a term similar in spelling to "roam", use the fuzzy search:
  • roam~

This search will find terms like foam and roams.

Starting with Lucene 1.9, an additional (optional) parameter can specify the required similarity. The value is between 0 and 1; with a value closer to 1, only terms with a higher similarity will be matched. For example:
  • roam~0.8

The default that is used if the parameter is not given is 0.5.
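
How the similarity value changes which terms a fuzzy detector matches, as an added example that is not part of the original page and is not Forcepoint or Lucene code. It assumes the classic Lucene scoring of 1 - (edit distance / length of the shorter word) with a strictly-greater comparison; the word lists are constructed samples.

```python
# Added example: approximate which words a Lucene-style fuzzy term matches.

def levenshtein(a: str, b: str) -> int:
    """Edit distance: minimum single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def similarity(term: str, candidate: str) -> float:
    # Assumption: classic Lucene scaling by the shorter word's length.
    shorter = min(len(term), len(candidate))
    if shorter == 0:
        return 1.0 if term == candidate else 0.0
    return 1.0 - levenshtein(term, candidate) / shorter

def parse_fuzzy(query: str, default: float = 0.5):
    """Split 'roam~0.8' into ('roam', 0.8); 'roam~' uses the default 0.5."""
    term, tilde, value = query.partition("~")
    if not tilde or not term or " " in term:
        raise ValueError("fuzzy search needs a single word followed by ~")
    minimum = float(value) if value else default
    if not 0.0 <= minimum <= 1.0:
        raise ValueError("similarity must be between 0 and 1")
    return term.lower(), minimum

def fuzzy_matches(query: str, words):
    term, minimum = parse_fuzzy(query)
    # Assumption: a word matches when its similarity is strictly above the minimum.
    return [w for w in words if similarity(term, w.lower()) > minimum]

# Constructed sample vocabulary, standing in for terms found in scanned documents.
WORDS = ["roam", "foam", "roams", "road", "room", "rain", "roaming"]
LONG_WORDS = ["pasport", "passports", "password"]

if __name__ == "__main__":
    for q, vocab in (("roam~", WORDS), ("roam~0.8", WORDS),
                     ("passport~0.8", LONG_WORDS)):
        print(q, "->", fuzzy_matches(q, vocab))
```

Under this scoring, a four-letter term with 0.8 matches only the exact word, while an eight-letter term still tolerates one edit, so choose the similarity value with the term length in mind.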

Reference: Apache Lucene - Query Parser Syntax