Alerts

Describes how Philter's alerting works.

Philter can optionally generate alerts when a particular type of sensitive information is identified.

Alert Conditions

In a filter profile, each type of sensitive information can have zero or more filter strategies. Each filter strategy can optionally have a condition associated with it. When a condition is present, the filter strategy will only be satisfied when the condition is satisfied. For example, a condition may be created to only filter phone numbers that start with the digits 123 or only filter names that start with John. Filter strategy conditions give you granular control over the filtering process.

When a filter strategy condition is satisfied, Philter can optionally generate an alert. This feature allows you to be notified when a particular type of sensitive information is identified.

Enabling Alerts

Alerts are enabled on a per-condition basis. For instance, given the following filter profile to identify email addresses, a condition has been added to only match the email address test@test.com. Because of the property alert set to true, an alert will be generated when this condition is satisfied. By default, the alert property is set to false disabling alerts for the condition.

{
"name": "email-address-alert",
"identifiers": {
"emailAddress": {
"emailAddressFilterStrategies": [
{
"id": "my-email-strategy",
"strategy": "REDACT",
"redactionFormat": "{{{REDACTED-%t}}}",
"condition": "token == \"test@test.com\"",
"alert": true
}
]
}
}
}

Structure of an Alert

An alert contains the following information:

Property Name

Description

id

A unique ID for the alert formatted as an UUID.

filterProfile

The name of the filter profile triggering the alert.

strategyId

The ID of the filter strategy triggering the alert. In the example above the id would be my-email-strategy.

context

The context.

documentId

The ID of the document which triggered the alert.

filterType

The filter type ("email-address", "credit-card", etc.) triggering the alert.

date

A timestamp when the alert was generated formatted as yyyy-MM-dd'T'HH:mm:ss.SSS'Z'.

Retrieving and Deleting Alerts

The alerts that Philter has generated are available through Philter's alerts API. This API allows for retrieving and deleting alerts. Using this API you can build sophisticated notification systems around Philter's capabilities.