Cisco
Login
Search
Software Secure Access
Activity Manage

Cisco Secure Access Help Manage Data Classifications Create an Exact Data Match Identifier Procedure

Last updated: Aug 07, 2025

Procedure

  1. Navigate to Secure > Settings > Data Classification > Exact Data Matches and click ADD EXACT DATA MATCH IDENTIFIER.
  2. Provide a name and description for the exact data match, then upload sample data and click Next.

     
    Do not upload any real data in the CSV. Use only sample data for the template.
  3. From the drop-down menu, choose the type of data of each field.

    The available field types are described in Exact Data Match Field Types:

  4. Select the Primary field that must be found with other data fields for the identifier to match and click Next. The primary field should be the field in the record to always match. The secondary fields are the number of fields in the record that should be present with the primary field to match.
  5. Enter the minimum number of secondary fields required to be found within 10 terms of the primary field for a match. You can have no secondary field, or up to as many fields in the record that are not the primary field. For example, if at least 3 secondary fields are required, then the identifier will trigger an event only when 3 or more additional fields are found with the primary field. If the .csv file has only 1 column, then the secondary option is greyed-out and automatically set to 0. Click Next.

     
    Note: The secondary fields must each be a different identifier.
  6. Click the download icon to download the DLP indexer. Then click Save.

     
    You can click on Command Line Parameters to view information about the command line arguments required to run the indexer.
  7. The EDM Identifier now has a status of Data Not Indexed. You can expand the listing to view the details about the EDM Identifier. When the EDM identifier status is Data Not Indexed, you can edit the field types, the primary field selection, and the matching conditions, but the EDM Identifier cannot be added to a data classification. Make note of the ID for th EDM Identifier; you will need it to run the DLP indexer.

     
    The display page does not display the full EDM identifier ID; use the Copy icon to copy the ID
  8. Create an API key and secret for the EDM data indexer.

    1. Navigate to Admin > API Keys and click Open API Keys.

    2. Click Add and provide an API Key Name and Description for the API Key.

    3. Select Policies > DLP Indexer for the scope and choose Read/Write for the permissions. Then click Create Key.

    4. Copy and save the API Key and Secret somewhere safe, as you will need them to run the DLP Indexer.

  9. Click ACCEPT AND CLOSE.
  10. Use the Secure Access DLP Indexer to index your data records. For more information on the indexer, see Index Data for an EDM.

    1. Move the indexer from the Downloads folder to a convenient location, such as the folder where the data records are stored.

    2. Run the indexer in a terminal window with the following command:

      java -jar <directory_path>\dlp-indexer.jar -i "<directory_path>\<source_file>.csv"

      -e <edm_template-id> -k <authKey> -s <authSecret>

      where:

      • <directory_path>\dlp-indexer.jar—the relative path to the location of the DLP indexer

      • "<directory_path>\<source_file>.csv"—the relative path to the csv spreadsheet with the actual data records

      • <edm_template-id> —the ID of the EDM Identifier retrievable from the Umbrella UI (see Step 7)

      • <authKey>—the API Key previously saved at Step 8d

      • <authSecret>—the API Secret previously saved at Step 8d

The EDM Identifier now has a status of Data Indexed.

The EDM Identifier now has a status of Data Indexed.


 
When the EDM has a status of Data Indexed, you can add the EDM to a data classification but you can not edit the field types, primary field selection, or matching condition.

If you update your source file with new or changed records, you need to run the DLP indexer again on that file using the same EDM Identifier ID, API Key, and API Secret. This ensures that policies configured to use the EDM Identifier are updated to reflect the new data fingerprints. For more information, see Update the Indexed Data Set Periodically.

Previous topic Prerequisites Next topic Index Data for an EDM