< Home

Configuring a Keyword Group

A keyword group is a set of keywords for data filtering. You must configure a keyword group before configuring the data filtering profile.

Context

The keyword group includes predefined keywords and user-defined keywords.

  • Predefined keywords include bank card numbers, credit card numbers, social security numbers, ID card numbers, mobile phone numbers, and confidentiality (including confidential, secret, and top secret).

  • User-defined keywords can be texts or regular expressions. For details on how to use the regular expression, see Rules of regular expressions.

The configured keyword group must be referenced in the data filtering rules. For details, see Step 5 in Configuring Data Filtering.

The FW has a default keyword group named default. You cannot modify or delete the default keyword group.

Procedure

  1. Access the system view.

    system-view

  2. Create a keyword group and display the keyword group view.

    keyword-group name name

  3. Configure the description of a keyword group.

    description description

  4. Reference a predefined keyword in a keyword group and set the keyword weight.

    pre-defined-keyword name name weight weight-value

    Each keyword (including predefined and user-defined keywords) in the group has a weight. This value indicates the confidentiality and importance of the keyword. A larger value indicates a more important keyword.

    When detecting a keyword, the system accumulates the weight of the keyword, compares with the alarm threshold or blocking threshold defined in the data filtering rule, and takes the alert or block action.

  5. Create a user-defined keyword and display the user-defined keyword view.

    user-defined-keyword name name

  6. Configure the description of a user-defined keyword.

    description description

  7. Configure the expression string of user-defined keywords.

    expression match-mode { text | regular } text

    You can configure text expression or regular expression for user-defined keywords that are to be identified.

    • In text expression mode, keywords are expressed as text strings. For example, you can use the text confidential file to identify a keyword. Text expression is accurate and easy to configure.

    • Regular expression keywords provide fuzzy matching capability. For example, "." in "abc.de" can represent any single character. Therefore, "abc.de" can match "abcxde", "abcyde", or "abc8de".

      Keywords in a regular expression can be flexibly and efficiently matched, but the configuration must observe Rules of regular expressions.

  8. Configure the matching mode for data filtering as keyword case-sensitive.

    case-sensitive enable

    This is the default matching mode.

  9. Configure the weight of a user-defined keyword.

    weight weight-value

    The default weight value of a user-defined keyword is 1.

  10. Return to the system view, commit the profile.

    engine configuration commit

    The new or modified security profile does not take effect until you run the engine configuration commit command to commit the configuration. To save time, you can commit changes after all changes are made.

Follow-up Procedure

  • In the keyword group view, rename a keyword group and enter the new keyword group view.

    rename new-name

  • In the user-defined keyword view, rename a user-defined keyword and enter the new user-defined keyword view.

    rename new-name

Parent Topic: Configuring Data Filtering Using the CLI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >