Skip to content

What Are Data Types?

While Applications define where to look, Data Types define what to look for.

Nullafi Shield comes with a comprehensive set of built-in Data Types that cover most common detection requirements. These are used in policies to identify sensitive or regulated information such as:

  • Email addresses
  • IP addresses
  • Credit card numbers
  • National IDs
  • Custom formats specific to your organization

Viewing the Data Types List

The Data Types page in the Admin Console displays all the Data Types Shield is capable of detecting. Each Data Type includes:

  • Type: A machine-readable identifier for automated logging or integrations.
  • Name: A user-friendly label for policy creation and management.

You can sort the list by clicking any column title. Click again to toggle between ascending and descending order.

Creating a New Data Type

In rare cases, organizations may need to define their own custom Data Types to detect proprietary or internal patterns.

To create a new Data Type:

  1. Click Add New Data Type in the upper-right corner of the Data Types page. A configuration panel will appear on the right.
  2. Enter the following:
    • Type: An identifier. Must be unique.
    • Name: A readable label for use in the console.
    • Description (optional): Any context or notes.
  3. Under Definitions, add one or more regular expressions to identify matching patterns.
  4. Click Add for each regex.
  5. Click Save to finalize the Data Type.

Advanced Data Type Definitions

Some applications require special consideration of formatting or transit. Nullafi Shield offers Advanced Settings which can be associated with the regular expression matching for a Definition. Please contact Nullafi Customer Support for help with complicated data types.

Advanced Settings

⚙️ Advanced Settings – Data Type Obfuscation Rules

In a Data Type definition, the Advanced Settings section contains three fields that define how and when to apply obfuscation to values in structured or semi-structured data.

1. 📦 JSON Definition

This field allows you to define obfuscation rules for specific properties in JSON responses using a structured JSON query format.

🔍 Purpose

Use it to match keys, values, arrays, and nested objects. You can also apply conditional logic and regular expressions to determine whether to obfuscate a value.

✅ Example 1 – Obfuscate all description fields

{
  "Search": {
    "Object": {
      "Key": {
        "Value": "description"
      }
    }
  }
}

✅ Example 2 – Obfuscate title only when pricing is "paid"

{
  "Search": {
    "Object": {
      "Condition": {
        "HasKey": {
          "Value": "pricing"
        },
        "HasValue": {
          "Value": "paid"
        }
      },
      "Key": {
        "Value": "title"
      }
    }
  }
}

✅ Example 3 – Obfuscate values in listingCategories array that start with "C"

{
  "Search": {
    "Object": {
      "Key": {
        "Value": "listingCategories"
      },
      "Value": {
        "Array": {
          "Value": {
            "String": {
              "Regex": "(?i)^C.+"
            }
          }
        }
      }
    }
  }
}

2. 🌐 HTML Definition

This field accepts an XPath string used to extract values from HTML documents. You can combine this with a regex (defined separately) to detect sensitive data.

✅ Example

HTML Definition (XPath only):

 //a/@href

Regex (configured separately):

(?:(?:ASIA|AKIA|AROA|AIDA|ABIA|ACCA)(?:[A-Z0-9]{16}))

CheckBoundaries:

true

This setup extracts all href attributes from anchor tags and applies a regex to detect access key patterns. With CheckBoundaries: true, the match must not be embedded inside other tokens.

3. 🎯 Value Group Index

If the regex includes capture groups, this numeric field defines which group should be obfuscated.

✅ Example

Regex:

user:([a-zA-Z0-9_]+)@domain.com

Value Group Index:

1

Effect:
Only the capture group ([a-zA-Z0-9_]+) — i.e., the username — will be obfuscated. The domain part remains visible.

If this field is omitted or set to 0, the entire match is obfuscated.

📌 Summary

Field Name Type Description
JSON Definition JSON Declarative rule set for selecting and obfuscating fields in JSON
HTML Definition string XPath selector for extracting HTML elements or attributes
Value Group Index integer Optional: index of the capture group to obfuscate in regex-based matches

Use these fields to precisely control which parts of the data should be obfuscated and under what conditions.

Editing an Existing Data Type

To edit a custom Data Type:

  1. Hover over the desired Data Type row in the listing.
  2. Click the three-dot menu that appears.
  3. Select Edit.
  4. Modify the Type, Name, Description, or Definitions as needed.
  5. Click Save.

Note: Built-in Shield Data Types cannot be edited. The Edit option will only appear for user-created entries.

Data Type Groups

Data Type Groups are groupings that allow for large lists of data types to be treated as one entity when making Policy.

To create a new Data Type Group:

  1. Click Add New Data Type in the upper-right corner of the Data Types page. A configuration panel will appear on the right.
  2. Enter the following:
    • Type: An identifier. Must be unique.
    • Name: A readable label for use in the console.
    • Description (optional): Any context or notes.
  3. Check the Data Type Group checkbox.
  4. Select as many Data Types as needed from the Data Types drop-down box.
  5. Click Save to finalize the Data Type Group.

Custom Data Types offer flexibility when built-in options aren't enough. By combining custom definitions with regex and optional advanced logic, Shield can detect and classify virtually any data structure that matters to your organization.