Some scanning rules can generate many false positives, requiring more effort to disposition findings, and some rules are not universally applicable. The following rules are disabled by default:
- GENERIC_PASSWORD - This rule generates a high rate of false positives.
- SSH_PUBLIC_KEY - SSH public keys are by definition not sensitive information. If your organization wants to audit for public keys, this rule can be enabled.
- TROJAN_SOURCE - This rule is designed for catching directional encoding characters in source code. Directional encoding Unicode characters in other contexts aren’t necessarily malicious.
- BANK_INFORMATION - Bank routing numbers aren’t necessarily sensitive information. If your organization wants to audit for these, this rule can be enabled.
- SOCIAL_SECURITY_NUMBERS - US Social Security numbers aren’t applicable to all organizations. Due to the random nature of SSNs, this rule has a high rate of false positives.
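
The TROJAN_SOURCE entry above describes a check for directional (bidi) control characters that is meaningful in source code but noisy elsewhere. The following Python example is added here for illustration and is not the scanner's own rule implementation; the extension list, function names and sample strings are assumptions constructed for the example.

```python
import unicodedata
from pathlib import PurePath

# Bidirectional control characters: embeddings, overrides, isolates
# and their terminators (U+202A..U+202E, U+2066..U+2069).
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
    "\u2066", "\u2067", "\u2068", "\u2069",
}

# Assumption: which extensions count as "source code" is a local policy choice.
SOURCE_EXTENSIONS = {".c", ".go", ".js", ".py", ".rs"}


def find_bidi_controls(text):
    """Return (line, column, codepoint, name) for each bidi control in text."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((line_no, col, f"U+{ord(ch):04X}", unicodedata.name(ch)))
    return hits


def scan_file(path, text):
    """Report hits only for source files; in other files bidi text can be legitimate."""
    if PurePath(path).suffix.lower() not in SOURCE_EXTENSIONS:
        return []
    return find_bidi_controls(text)


# Constructed samples, written with escapes so the controls stay visible here.
# A source line whose rendered order would differ from its logical order:
SAMPLE_SOURCE = 'role = "user"\nif role != "admin\u202e \u2066# check\u2069 \u2066":\n    pass\n'
# Right-to-left prose in documentation, a legitimate use of the same characters:
SAMPLE_README = "Hebrew greeting: \u202b\u05e9\u05dc\u05d5\u05dd\u202c\n"

if __name__ == "__main__":
    for hit in scan_file("auth.py", SAMPLE_SOURCE):
        print(hit)
    print(scan_file("README.md", SAMPLE_README))
```

The same characters appear in both samples; only the file context decides whether they are reported, which is why a rule like this is left off where non-source content is scanned.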