General Password

This SIT is also included in the All credentials bundled SIT.

Format

Up to 20,000-character combination of letters, digits, and special characters.

or

Sign-in credentials used in command lines

or

Plain-text password used in code snippets

or

Plain-text password used in script

or

Plain-text password used in XML configuration

or

A combination of 24 characters consisting of letters, digits, and special characters.

or

A combination of 32 characters consisting of letters and digits.

or

A combination of 32 characters consisting of letters, digits, and special characters.

or

A combination of 44 characters consisting of letters, digits, and special characters.

or

An 88-character combination of letters, digits, and special characters.

Patterns

  1. Any combination of up to 20,000 characters consisting of:

    • a-z (case insensitive)
    • 0-9
    • forward slashes (/) or plus signs (+)
    • Up to two equal signs (=)
  2. Various command line sign-in credentials formats

  3. Various password formats in code snippets

  4. Various password formats in script

  5. Various password formats in XML

  6. Any combination of 22 characters consisting of:

    • a-z (case insensitive)
    • digits, forward slashes, or plus signs
    • ends with two equal signs (=)
  7. Any combination of 32 characters consisting of:

    • a-f or A-F (case-sensitive) or 0-9
  8. Any combination of 32 characters consisting of:

    • a-z (case insensitive)
    • 0-9
    • forward slashes (/) or plus signs (+)
  9. Any combination of 43 characters consisting of:

    • a-z (case insensitive)
    • 0-9
    • forward slashes (/) or plus signs (+)
    • ends with an equal sign (=)
  10. Any combination of 86 characters consisting of:

    • a-z (case insensitive)
    • 0-9
    • forward slashes (/) or plus signs (+)
    • ends with two equal signs (=)

Credential example

Confidence Band | Example
High | password = D3m0P@sswd!
Medium | secret : DemoPasswd!
Low | password = demopasswd2

Checksum

Yes

SITs that have checksums use a unique calculation to check if the information is valid. This means that when the Checksum value is Yes, the service can make a positive detection based on the sensitive data alone. When the Checksum value is No, additional (secondary) elements must also be detected for the service to make a positive detection.

Keyword Highlighting

Supported

When keyword highlighting is supported in the contextual summary for a sensitive information type or a trainable classifier, in the Contextual Summary view of activity explorer, the keywords in a document that were matched to a policy are highlighted.

Description

This SIT is designed to match security information, such as usernames and passwords, that are used in the user sign-in process. It uses several primary resources:

  • Patterns of Base64 encoded string literal.
  • Patterns of Password context in command line.
  • Patterns of Password context in code.
  • Patterns of Password context in script.
  • Patterns of Password context in XML.
  • Patterns of Base64 encoded 128-bit symmetric key.
  • Patterns of Hex encoded 128-bit symmetric key.
  • Patterns of Base64 encoded 192-bit symmetric key.
  • Patterns of Base64 encoded 256-bit symmetric key.
  • Patterns of Base64 encoded 512-bit symmetric key.
  • Patterns of CredentialName, CredentialFeatures, AccountIdentityName, AccountIdentityValue, ResourceType, ResourceName, ID, AccountName.
  • Patterns of mockup values, redactions, and placeholders.
  • A dictionary of vocabulary words.

The patterns are designed to match actual credentials with reasonable confidence. The patterns don't match credentials formatted as examples. For instance, mockup values, redacted values, and placeholders (such as credential type or usage descriptions) that sit in the position where an actual secret value should be present aren't matched.

Keywords

Keyword_Base64EncodedStringLiteral

  • MII

Keyword_PasswordContextInCmdLine

  • certutil
  • zdbg
  • secret
  • VSTS_TOKEN
  • curl
  • PowerShell
  • ps1
  • -u
  • Smc
  • AutoLogon
  • ldifde
  • Rclone
  • --env
  • SignTool
  • winexe
  • net

Keyword_PasswordContextInCode

  • key
  • x509c
  • credential
  • password
  • pw
  • securestring

Keyword_PasswordContextInScript

  • secret
  • password
  • pw

Keyword_PasswordContextInXml

  • userpass
  • password
  • pw
  • connectionstring
  • key
  • credential
  • token
  • sas
  • secret

Keyword_SymmetricKey128

  • secret
  • key
  • password
  • pw

Keyword_SymmetricKey128Hex

  • dapi
  • key
  • secret
  • token
  • password
  • pw

Keyword_SymmetricKey192

  • password
  • -p
  • azurecr

Keyword_SymmetricKey256

  • SharedAccessKey
  • AccountKey

Keyword_SymmetricKey512

  • SharedAccessKey
  • AccountKey
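
How the lengths in patterns 6 through 10 map to the 128, 192, 256 and 512-bit key sizes named in the Description, and how the Keyword_SymmetricKey* lists pair with them, shown as an added Python example (not the service's rule package or detection engine). Assumptions: keyword proximity is taken as "same line", pattern 7 is read as all-lowercase or all-uppercase hex, the boundary lookarounds are this sketch's own, and the sample keys are constructed from `bytes(range(n))`.

```python
import base64
import re

B64 = "[A-Za-z0-9/+]"
# (rule, body regex, decoder, keywords): patterns 6-10 and the page's
# Keyword_SymmetricKey* lists. Pattern 7 is read here as all-lowercase or
# all-uppercase hex (assumption).
RULES = [
    ("SymmetricKey128", B64 + "{22}==", base64.b64decode,
     ["secret", "key", "password", "pw"]),
    ("SymmetricKey128Hex", "(?:[a-f0-9]{32}|[A-F0-9]{32})", bytes.fromhex,
     ["dapi", "key", "secret", "token", "password", "pw"]),
    ("SymmetricKey192", B64 + "{32}", base64.b64decode,
     ["password", "-p", "azurecr"]),
    ("SymmetricKey256", B64 + "{43}=", base64.b64decode,
     ["SharedAccessKey", "AccountKey"]),
    ("SymmetricKey512", B64 + "{86}==", base64.b64decode,
     ["SharedAccessKey", "AccountKey"]),
]
# Lookarounds (assumption) stop a short rule firing inside a longer encoded run.
COMPILED = [(name, re.compile(f"(?<!{B64}){body}(?![A-Za-z0-9/+=])"), dec, kws)
            for name, body, dec, kws in RULES]


def scan_line(line):
    """Return [(rule, decoded_key_bits, keyword_on_same_line)] for one line."""
    hits, taken = [], []
    for name, rx, decode, keywords in COMPILED:
        for m in rx.finditer(line):
            if any(m.start() < end and start < m.end() for start, end in taken):
                continue  # e.g. 32 hex chars also fit the 192-bit Base64 class
            taken.append(m.span())
            # Look for keywords outside the candidate so a key cannot vouch for itself.
            context = (line[:m.start()] + " " + line[m.end():]).lower()
            seen = any(k.lower() in context for k in keywords)
            hits.append((name, len(decode(m.group())) * 8, seen))
    return hits


if __name__ == "__main__":
    # Constructed sample lines; the key material is just bytes(range(n)).
    enc = lambda n: base64.b64encode(bytes(range(n))).decode()
    for line in ["password = " + enc(16),
                 "token: " + bytes(range(16)).hex(),
                 "docker login -p " + enc(24),
                 "AccountKey=" + enc(32) + ";",
                 "SharedAccessKey=" + enc(64),
                 "checksum " + enc(16)]:
        print(scan_line(line), "<-", line[:24])
```

The last sample line has the 128-bit shape but none of the Keyword_SymmetricKey128 terms, so it is reported with `keyword_on_same_line` set to `False`.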