CMDB relationship mappings
Identifies cmdb relationship mappings patterns in security and access control contexts. Detects potential exposure of sensitive security information in Australian systems.
- Type
- regex
- Engine
- boost_regex
- Confidence
- medium
- Confidence justification
- structural regex with domain-specific anchors and constrained context replaces phrase-only marker.
- Detection quality
- Mixed
- Jurisdictions
- au
- Regulations
- NDB Scheme (Cth), SOCI Act 2018 (Cth), TIA Act 1979 (Cth)
- Frameworks
- CIS Controls, DISP, ISO 27001, NIST CSF, PCI-DSS, SOC 2
- Data categories
- credentials, security
- Scope
- wide
- Platform compatibility
- Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported
Pattern
(?is)\b(?:cmdb|configuration\s+item|service\s+map|dependency\s+map)\bCorroborative evidence keywords
cmdb relationship mappings, cmdb, relationship, mappings, operations, resilience, proprietary, intellectual property, trade secret, patent, copyright, trademark, confidential, invention, prototype, algorithm, formula, source code, design document, research and development (+7 more)
Proximity: 300 characters
Should match
CMDB relationship mappings— Exact phrase marker matchcmdb relationship mappings— Case-insensitive phrase matchCMDB relationship mappings— Normalized whitespace phrasestructured sample with matching anchors— Structural anchor sample
Should not match
unrelated generic text— No relevant phrase contextplaceholder value 12345— Random text should not match phrase markergeneric policy prose without anchors— Should reject generic mentions without structural anchor terms
Known false positives
- Authentication-related terminology in software documentation, security training materials, or system architecture descriptions without actual credentials. Mitigation: Require proximity to credential-specific patterns (API keys, connection strings, tokens) rather than general security terminology.
- Code snippets and configuration examples containing credential-related keywords or placeholder values in developer documentation. Mitigation: Check for common placeholder patterns (example.com, localhost, 0000) and documentation file types to reduce false positives from technical writing.
References
- https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism
- https://www.homeaffairs.gov.au/about-us/our-portfolios/emergency-management
- https://www.disasterassist.gov.au/
- https://www.oaic.gov.au/privacy/australian-privacy-principles-guidelines/chapter-11-app-11-security-of-personal-information