Thresholds allow you to set limits on your sensitive data. By adding and applying thresholds to data grouped in locks, you can dynamically restrict or block data based on specific rules. Thresholds can also be used to alert on and record query activity.

Thresholds set limits on the following: how much data you can access, when the data is being consumed, where the request is coming from, and who is allowed to access the data. If a threshold is breached, an anomaly will occur.

Predictive Thresholding Behavior

With predictive thresholding, we analyze a query the first time it is run and predict the number of rows it will produce. We use that prediction to allocate row counts for governance, so governance applies the very first time you execute a new query through ALTR. Row-count prediction is limited to "simple" SELECT statements without clauses, such as WHERE and JOIN, that change the number of rows. Predictive thresholding is turned on by default and is available for Snowflake Cloud Integration data sources.

To Create a Threshold

  1. Go to Data policy → Thresholds → Add New
  2. Enter the threshold’s name, the action it should perform, and the rules it should follow, and identify which locks and user groups will be affected.
  3. Click ‘Add threshold’. You have successfully added a threshold.

Actions & rules

  • Generate Anomaly – An anomaly notification is generated on the Anomalies page.
  • Quicksand – The user’s or application’s data access is significantly slowed, and an anomaly is generated.
  • Block – The user’s or application’s data access is blocked, returning a string reading “BLOCKED”, and an anomaly is generated.
  • Access Rate – Triggers an action when a user or application attempts to access data a specific number of times within a specific length of time.
  • Time Window – Triggers an action when a user or application attempts to access data outside of the set timeframe.
  • IP Address – Triggers an action when a user or application from an unspecified IP address attempts to access data.
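
The three rule types above, modeled as an added Python example (not ALTR's code or API). The `Threshold` class, the rule names and the sample events are constructed for illustration, and the model assumes Access Rate counts accesses per user and fires once the count inside the period exceeds the limit:

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network

@dataclass
class Threshold:                      # hypothetical model, not ALTR's schema
    name: str
    action: str                       # "Generate Anomaly", "Quicksand" or "Block"
    rule: str                         # "access_rate", "time_window" or "ip_address"
    max_accesses: int = 0             # access_rate: allowed accesses per period
    period: timedelta = timedelta(0)  # access_rate: length of time
    start: time = time(0, 0)          # time_window: permitted start
    end: time = time(23, 59, 59)      # time_window: permitted end
    allowed: tuple = ()               # ip_address: specified networks

def breached(th, event, history):     # events are (user, timestamp, source_ip)
    user, ts, ip = event
    if th.rule == "access_rate":
        # Assumption: fires when accesses inside the period exceed the limit.
        recent = [e for e in history if e[0] == user and ts - e[1] < th.period]
        return len(recent) + 1 > th.max_accesses
    if th.rule == "time_window":
        return not (th.start <= ts.time() <= th.end)
    if th.rule == "ip_address":
        return not any(ip_address(ip) in ip_network(net) for net in th.allowed)
    raise ValueError(f"unknown rule: {th.rule}")

def evaluate(thresholds, events):
    """Return one (threshold, action, user, timestamp) anomaly per breach."""
    anomalies, history = [], []
    for event in sorted(events, key=lambda e: e[1]):
        for th in thresholds:
            if breached(th, event, history):
                anomalies.append((th.name, th.action, event[0], event[1]))
        history.append(event)
    return anomalies

T0 = datetime(2024, 1, 8, 9, 0, 0)    # constructed sample data below
THRESHOLDS = [
    Threshold("rate", "Block", "access_rate", max_accesses=3, period=timedelta(minutes=1)),
    Threshold("hours", "Generate Anomaly", "time_window", start=time(8), end=time(18)),
    Threshold("ip", "Quicksand", "ip_address", allowed=("10.0.0.0/8",)),
]
EVENTS = [("etl_app", T0 + timedelta(seconds=10 * i), "10.1.2.3") for i in range(4)] + [
    ("analyst", T0 + timedelta(hours=1), "203.0.113.7"),
    ("analyst", T0 + timedelta(hours=13), "10.4.4.4"),
]
if __name__ == "__main__":
    print(*evaluate(THRESHOLDS, EVENTS), sep="\n")
```

In the sample, the fourth `etl_app` access within one minute breaches the rate rule, the 10:00 request from outside `10.0.0.0/8` breaches the IP rule, and the 22:00 request breaches the time window.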

Update or remove thresholds

  1. Select the threshold you want to update and make the necessary changes in the right pane.
  2. Once done, click ‘Update threshold’ or ‘Remove Threshold’.

Note: You can enable and disable a threshold by clicking the slider button to toggle it on or off.

Anomalies

When a threshold is exceeded, an anomaly is generated and displayed in the Anomaly Feed as a card. An identified anomaly does not necessarily mean a breach has occurred, only that behavior deviating from the expected has been detected. Resolve an anomaly to give access to the data.
