# Auto-classify data assets

{% embed url="<https://www.loom.com/share/503c552460324b95855e90bcb87c6bba?sid=b8d129ec-bbf1-43d2-9d55-4fb0fa01de7c>" %}
Using the auto-classification workflow for Sensitive Content Pattern.
{% endembed %}

Adding classifications manually might be a time-consuming task, especially if it's your first time on decube. Instead, you can opt to add it via our auto-classification workflow via the Policy rules, where you can set up keywords or via regex to detect matching asset names across multiple data sources.

<figure><img src="https://1779874722-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTw0qpCVzfrIXqS4FEg4T%2Fuploads%2Fgit-blob-12939f2027c311859eeaad211d1634c7d78acc74%2FFrame%203050.png?alt=media" alt=""><figcaption><p>Example of a rule that has been set up to detect the address column across multiple data sources.</p></figcaption></figure>

### Set up your policy rules

From any classification policies page, you can click on `Set up new rule` to access the new rule setup workflow.

1. Select the data sources to apply the rules.
2. Select the rule type. You can choose either to input a keyword or a regex to match strictly or approximately.
   * Optionally, if we detect new assets that have been added to your data sources, we can also add the classification automatically if you check the checkbox for `Auto-add new assets to this rule`.

{% hint style="warning" %}
Note that the regex expression has to be written in ElasticSearch syntax. Information on what are valid regex expressions can be found [here](https://www.elastic.co/docs/reference/query-languages/query-dsl/regexp-syntax).
{% endhint %}

3. Click on `Fetch assets`. All assets that match according to your rule type will be shown.
4. Select one of the several masking types to be applied. This will take effect in the [Preview](https://docs.decube.io/catalog/preview-sample-data) section where dynamic masking is applied.

The creation, modification, and deletion of a rule will require an approval workflow before it is reflected in your organization. You can read more on the [approval workflow](https://github.com/DecubeIO/decube-docs/blob/public/governance/auto-classify-data-assets/broken-reference/README.md) here.

<figure><img src="https://1779874722-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FTw0qpCVzfrIXqS4FEg4T%2Fuploads%2Fgit-blob-33b3c830d2f13af917eb38ce199e707522ca2c71%2FFrame%203048.png?alt=media" alt=""><figcaption><p>Setting up a new rule is a simple and straightforward process to fetch all relevant assets.</p></figcaption></figure>

### Masking type - Hierarchy for masking

When multiple classification policies are applied to the column, the masking type selected if they are different, will follow a certain hierarchy to be shown to the user, with the highest priority masking type applied. You can view the below masking type sorted from highest to lowest priority:

* SHA-256
* First four characters
* Last four characters
* Email masking (eg. \*\*\*\*\*\*\*\*@domain.com)
* Hash\* (eg. \*\*\*\*\*)
* Nullify