How to Setup the miniOrange Data – PII Scanner (DLP) for JIRA

Download And Installation

1: Get Started

To access the Data - PII Scanner, follow these steps:

• Navigate to the Apps section in the top navigation bar of your JIRA dashboard.
• Look for Data - PII Scanner in the dropdown menu. Please note that this option is available only for users with Admin permissions.


1.1: Comprehensive Scan of All JIRA Projects

• In the Data - PII Scanner interface, navigate to the top-right corner and select the Scan option. This will initiate a comprehensive scan of all JIRA tickets across your projects.
• As the scan progresses, monitor its status through the progress bar, which provides a visual update of the scanning process.
• Once the scan is complete, you’ll receive a detailed overview of any exposed PII within your JIRA projects. From here, you can review the findings and take the necessary actions to address potential data exposure.


1.2: Detailed Project Findings and Ticket Violations

• Select the specific Project for which you want to view detailed insights into ticket-wise findings and violations.
• Click on Scan to start a new scan for the selected project. This will provide updated information on any identified issues and plugin violations.
• This process ensures that you have the most current and accurate results for the chosen JIRA Project and its tickets, helping you address any potential data exposure effectively.


2: Create a custom rule/regex

You can create custom rules or regex patterns to thoroughly scan JIRA for specific data patterns and report any occurrences. Follow these steps to add a new rule:


• Click the Add Custom Regex button on the right side of the interface.
• Enter a Name for the rule, which will help you identify it in future findings.
• Enter the Regex pattern that matches the content you want the scanner to detect.

You can add multiple custom rules to tailor the scan to your organization’s specific needs.



3: Group rules as a classification

You can group multiple custom rules, along with some or all built-in rules, to create a classification that can be used in various policies.

Follow these steps to set up your classification:


• Click Add Classification to start grouping your rules.
• Enter a Name and Description for the classification to clearly identify its purpose.


• Add the desired rules—both custom and in-built—to the classification as a set.
• Once you've added all the necessary rules, click Save to finalize your classification.

4: Design a policy

Create policies to target specific projects with different classifications. Follow these steps to set up a new policy:

• Click Add Policy to start creating a policy.

• Enter a Name and Description for the policy. These details will appear on the dashboard whenever a policy violation is detected.

• By default, the policy applies to all projects. You can adjust this by removing any projects that you don’t want to include.
• Add the necessary Classifications to the policy to define which rules will be applied during scans.

5: Action Setting

Define how PII information should be redacted by choosing from three options:


• Partial Redact: Masks only a portion of the identified PII data, leaving some characters visible for context.
• Full Redact: Completely masks the identified PII, ensuring that no part of the information is visible.
• Custom String: Replace the identified PII with a specific string of your choice.

Additional Resources

• What is Data loss prevention software ?
• What is PII ?