Adding Regular Expressions for Custom Detection Rules and Custom Exception Expressions to Group Policy

  • 7021396
  • 01-Nov-2011
  • 30-Oct-2020

Environment

Reflection Desktop (including Pro, for X, for IBM, or for UNIX and OpenVMS) 16.0 and higher
Reflection 2014
Reflection for IBM 2014
Reflection for UNIX and OpenVMS 2014
Reflection for IBM 2011 R2 or higher
Reflection for UNIX and OpenVMS 2011 R2 or higher
Reflection Standard Suite 2011 R2 or higher

Situation

This technical note describes how to include the regular expressions provided in the Reflection Desktop, Reflection 2014, and Reflection 2011 R2 and R3 interface for Custom Detection Rules and Custom Exception Expressions in your Group Policy object.

Before you can configure Payment Card Industry Data Security Standards (PCI DSS) with group policy, you need to copy the required files as described in the “To set up Information Privacy with Group Policy” topic in the deployment guide for your product version:

  • Reflection Desktop 17 Deployment Guide: https://www.microfocus.com/documentation/reflection-desktop/17-0/deployment-guide/set-up-information-privacy.htm
  • Reflection Desktop 16 Deployment Guide: https://www.attachmate.com/documentation/reflection-desktop-v16/deployment-guide/data/t_33091.htm
  • Reflection 2014 Deployment Guide: https://docs.attachmate.com/reflection/2014/r1/deploymentguide.pdf#page=44
  • Reflection 2011 Deployment Guide: https://docs.attachmate.com/reflection/2011/r2/deploy/deploymentguide.pdf#page=72

Resolution

Add Expressions for the Define Additional PAN (Primary Account Number) Matching Rules Setting

  1. In the Group Policy editor, open the Information Privacy settings.
  2. Select "Define additional PAN matching rules" and then click "Edit policy setting."
  3. In the Define additional PAN matching rules dialog box, select Enabled.
  4. Click "Show…" to open the Show Contents dialog box for "Matching rules:" where you can enter the regular expressions.
  5. Copy the regular expressions you want to add to the Value list.

Detection Rules:

    Description                                   Expression
    16 digit Visa                                 ^4\d{15}$
    16 digit MasterCard                           ^5[1-5]\d{14}$
    15 digit American Express                     ^3[47]\d{13}$
    16 digit Discover                             ^6(?:011|5[0-9]{2})\d{12}$
    14 digit Diner’s Club                         (^(30)[0-5]\d{11}$)|(^(36)\d{12}$)|(^(38[0-8])\d{11}$)
    14 digit Carte Blanche                        ^(389)\d{11}$
    15 or 16 digit JCB (Japanese Credit Bureau)   ^(?:2131|1800|35\d{3})\d{11}$
    15 digit enRoute                              (^(2014)|^(2149))\d{11}$
    15 digit Voyager                              ^8699\d{11}$

Note: You can copy only the expressions into the Value list. You cannot copy the descriptions.
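
The following check is an added example, not part of the original technical note or of the product: it confirms that the detection expressions above compile and shows which rule, if any, matches each test string before the expressions are pasted into the Value list. It assumes Python's re module interprets these particular expressions the way the product does; the function names and sample values are hypothetical.

```python
import re

# Expressions copied verbatim from the Detection Rules table on this page.
DETECTION_RULES = {
    "16 digit Visa": r"^4\d{15}$",
    "16 digit MasterCard": r"^5[1-5]\d{14}$",
    "15 digit American Express": r"^3[47]\d{13}$",
    "16 digit Discover": r"^6(?:011|5[0-9]{2})\d{12}$",
    "14 digit Diner's Club": r"(^(30)[0-5]\d{11}$)|(^(36)\d{12}$)|(^(38[0-8])\d{11}$)",
    "14 digit Carte Blanche": r"^(389)\d{11}$",
    "15 or 16 digit JCB": r"^(?:2131|1800|35\d{3})\d{11}$",
    "15 digit enRoute": r"(^(2014)|^(2149))\d{11}$",
    "15 digit Voyager": r"^8699\d{11}$",
}

def compile_rules(rules):
    """Compile each expression; a typo is reported with the rule it belongs to."""
    compiled = {}
    for name, expr in rules.items():
        try:
            compiled[name] = re.compile(expr)
        except re.error as exc:
            raise ValueError(f"{name}: invalid expression ({exc})") from exc
    return compiled

def matching_rules(candidate, compiled):
    """Return the descriptions of every rule that matches the candidate string."""
    return [name for name, rx in compiled.items() if rx.search(candidate)]

def audit(samples, compiled):
    """Map each sample to its matching rules so gaps and overlaps are visible."""
    return {s: matching_rules(s, compiled) for s in samples}

# Constructed digit strings (hypothetical test values, not real account numbers).
SAMPLES = [
    "4" + "0" * 15,          # 16 digits, Visa prefix
    "389" + "0" * 11,        # 14 digits, Carte Blanche prefix
    "388" + "0" * 11,        # 14 digits, Diner's Club 38x range
    "2131" + "0" * 11,       # 15 digits, JCB
    "35" + "0" * 14,         # 16 digits, JCB
    "4" + "0" * 12,          # 13 digits: outside the 16 digit Visa rule
    "4000 0000 0000 0000",   # spaces: the ^...$ anchors require digits only
]

if __name__ == "__main__":
    for sample, hits in audit(SAMPLES, compile_rules(DETECTION_RULES)).items():
        print(f"{sample!r:24} -> {hits or 'no rule matches'}")
```

An empty result for a format you need to detect means an additional matching rule is required; more than one result means two rules overlap.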

Add Expressions for PAN Exceptions

  1. In the Group Policy Information Privacy window, select "Define PAN exception rules," and then click "Edit policy setting."
  2. In the Define PAN exception rules dialog box, select Enabled.
  3. Click Show to open the Show Contents dialog box for Exception rules.
  4. Copy the exception rule expressions you want to add to the Value list.

Exception Rules (each description is followed by its expression):

    Date pattern that has the year at the end. Date separators are allowed to be hyphens or slashes.
    \b[0-3]?[0-9][/\p{Pd}][0-3]?[0-9][/\p{Pd}](?:[0-9]{2})?[0-9]{2}\b

    Date pattern that has a 4 digit year at the beginning.
    \b([0-9]{4})[/\p{Pd}](1[0-2]|0[1-9])[/\p{Pd}](3[0-1]|0[1-9]|[1-2][0-9])\b

    US Social Security numbers.
    \b(?!000|666)(?:[0-6][0-9]{2}|7(?:[0-6][0-9]|7[0-2]))\p{Pd}(?!00)[0-9]{2}\p{Pd}(?!0000)[0-9]{4}\b

    Time format with HH:MM:SS.
    \b(1[0-2]|0?[1-9]):([0-5]?[0-9]):([0-5]?[0-9])\b|\b(2[0-3]|[01]?[0-9]):([0-5]?[0-9]):([0-5]?[0-9])

    Time format with HH:MM.
    \b(1[0-2]|0?[1-9]):([0-5]?[0-9])\b|\b((2[0-3]|[01]?[0-9]):([0-5]?[0-9]))

    Currency amounts. Allows a leading or trailing currency symbol, with whitespace allowed between the symbol and the amount. Either the comma or the decimal point may be the grouping symbol or the decimal separator.
    (\p{Sc}\p{Z}?(\d{1,3}([\,\.]\d{3})*|(\d+))([\.\,]\d{2})?)|((\d{1,3}([\,\.]\d{3})*|(\d+))([\.\,]\d{2})?\p{Z}?\p{Sc})

    Numbers that use the comma as a thousands separator and the dot as the decimal separator. Fractional parts are optional. Must include at least one thousands group.
    \b[0-9]{1,3}(,[0-9]{3})+(\.[0-9]+)?\b

    North American phone numbers, requiring at least the area code. This also allows an optional country code +1. A space is not allowed as a separator within the 7 digit portion.
    (?:\+?1[-. ]?)?\(?\b([0-9]{3})\)?[-. ]?([0-9]{3})[-.]?([0-9]{4})\b

    Percentages as a whole number with an optional fractional part. Matches only if not prefixed with a digit or decimal point.
    (?<![\d\.])\d{1,3}(?:\.\d{1,2})?%

    Floating point numbers. Optional sign, integer, and fraction. If the integer part is omitted, the fraction is mandatory. If the fraction is omitted, the decimal dot must be omitted too. Optional exponent. Alternatively, integers with a preceding positive sign are allowed.
    [+\p{Pd}]?([0-9]+(\.[0-9]+)|\.[0-9]+)([eE][+\p{Pd}]?[0-9]+)?\b|[+][0-9]+\b

    Canadian postal codes. The first part is a negative look-ahead preventing DFIOQU anywhere in the string. [A-VXY] prevents W or Z as the first character. Otherwise, alternate alpha and numeric with a space in the middle.
    \b(?!.*[DFIOQU])[A-VXY][0-9][A-Z] [0-9][A-Z][0-9]\b

    UK postcodes. Five to seven alphanumeric characters separated by a space. See British Standard BS7666.
    \b[A-Z]{1,2}[0-9R][0-9A-Z]? [0-9][ABD-HJLNP-UW-Z]{2}\b

    Dutch postcodes. Digit between 1-9, followed by 3 digits and at least one space, followed by two letters.
    \b[1-9]\d{3}\ +[A-Z]{2}\b

    Function key help in IBM host screens. PFxx=, Fxx= and PFxx, and x(x)=. The latter requires leading and trailing whitespace.
    \bP?F[0-9]{1,2}=|\bPF[0-9]{1,2}\b|\s[0-9]{1,2}=\s

    IBM file mode designator A followed by any digit within leading and trailing word boundaries.
    \bA\d\b

    File size designator in kilobytes, allowing for up to 2 preceding digits.
    \b\d{1,2}K\b

    Standalone integers, optionally followed by a decimal/period. Requires leading and trailing whitespace.
    \s\d{1,2}\.?\s

    Standalone integers, optionally followed by a decimal/period. Requires leading whitespace and must be the end of the input.
    \s\d{1,2}\.?$

    Standalone integers, optionally followed by a decimal/period. Requires trailing whitespace and must be the beginning of the input.
    ^\d{1,2}\.?\s

    IBM host application copyright notices that include one standalone or two comma separated years.
    Copyright IBM Corp.\s\d\d\d\d(, \d\d\d\d)?

    The literal string ‘COBOL/370’ as might appear in certain IBM application screens.
    COBOL/370

Additional Information

Legacy KB ID

This article was originally published as Attachmate Technical Note 2576.