Why are some scanning rules disabled by default?
Some scanning rules produce a high rate of false positives, which means more effort to triage and disposition findings, and others only apply to certain organizations or data types. The following rules are disabled by default:
- GENERIC_PASSWORD - This rule generates a high rate of false positives, because password-like assignments are common in test fixtures, documentation and placeholder configuration.
- SSH_PUBLIC_KEY - SSH public keys are by definition not sensitive information. If your organization wants to audit for public keys anyway (for example, to review unexpected entries in authorized_keys files), this rule can be enabled.
- TROJAN_SOURCE - This rule is designed to catch Unicode bidirectional (Bidi) control characters, such as the right-to-left override, in source code, where they can make code render differently from how a compiler or interpreter parses it. The same characters appear legitimately in right-to-left text, so in other contexts they aren’t necessarily malicious.
- BANK_INFORMATION - Bank routing numbers identify a financial institution and are publicly listed, so on their own they aren’t necessarily sensitive information. If your organization wants to audit for these, this rule can be enabled.
- SOCIAL_SECURITY_NUMBERS - US Social Security numbers aren’t applicable to all organizations. SSNs are assigned randomly, so there is little internal structure to validate against, and the pattern also matches many unrelated nine-digit numbers; this gives the rule a high rate of false positives.
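As an added illustration (example code written for this page, not the scanner's own implementation of these rules), the following Python shows why two of the rules above are noisy or context-dependent: a TROJAN_SOURCE-style check that only reports Unicode Bidi controls in files with source-code extensions, and an SSN check that first drops values the Social Security Administration never issues (area 000, 666 and 900-999, group 00, serial 0000) and optionally requires a contextual keyword on the same line. The extension list, the context keywords and all sample inputs are constructed for the example.

```python
import re

# Unicode bidirectional override/embedding/isolate controls (and their
# terminators) abused by "Trojan Source" attacks to make rendered code
# differ from what a compiler parses.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

# Assumed list of "source code" extensions; real scanners use a broader one.
SOURCE_EXTENSIONS = {".c", ".h", ".py", ".js", ".go", ".rs", ".java"}


def find_bidi_controls(text):
    """Return (line_no, column, control_name) for every Bidi control in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line):
            if ch in BIDI_CONTROLS:
                hits.append((lineno, col, BIDI_CONTROLS[ch]))
    return hits


def trojan_source_findings(path, text):
    """TROJAN_SOURCE-style rule: report Bidi controls only in source files.

    The same characters in a localization file holding right-to-left text are
    legitimate, which is why the check is scoped by file type.
    """
    ext = path[path.rfind("."):] if "." in path else ""
    if ext not in SOURCE_EXTENSIONS:
        return []
    return find_bidi_controls(text)


# Naive nnn-nn-nnnn pattern: matches far more than real SSNs.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# Assumed context keywords that make an SSN-shaped number more credible.
SSN_CONTEXT_RE = re.compile(r"(?i)ssn|social.?security")


def is_plausible_ssn(area, group, serial):
    """Reject values the SSA never issues: area 000, 666 or 900-999,
    group 00, serial 0000. Everything else is structurally plausible."""
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:
        return False
    if g == 0 or s == 0:
        return False
    return True


def ssn_findings(text, require_context=False):
    """SOCIAL_SECURITY_NUMBERS-style rule. Returns (line_no, matched_text).

    Even after dropping never-issued values, plausible nine-digit numbers
    remain common (part numbers, ticket IDs), so a context keyword is the
    only thing that meaningfully reduces false positives.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            if not is_plausible_ssn(*m.groups()):
                continue
            if require_context and not SSN_CONTEXT_RE.search(line):
                continue
            hits.append((lineno, m.group(0)))
    return hits


# Constructed samples (not taken from any real repository).
TROJAN_C = (
    "#include <stdio.h>\n"
    "int main() {\n"
    "    int is_admin = 0;\n"
    # Renders as a harmless comment; the parser sees the if-statement commented out.
    "    /*\u202e } \u2066if (is_admin)\u2069 \u2066 begin admins only */\n"
    "    printf(\"you are an admin\");\n"
    "    return 0;\n"
    "}\n"
)
# RLE ... PDF around Arabic text in a localization file: benign.
RTL_LOCALE = "greeting=\u202b\u0645\u0631\u062d\u0628\u0627\u202c\n"
SSN_SAMPLE = (
    "customer_ssn = \"123-45-6789\"\n"   # SSN-shaped, with context keyword
    "order_ref = 000-12-3456\n"          # area 000 is never issued
    "ticket 987-65-4321 closed\n"        # area 900+ is never issued
    "part_no 445-12-3456 in stock\n"     # plausible digits, no context: false positive
)

if __name__ == "__main__":
    print("main.c:", trojan_source_findings("main.c", TROJAN_C))
    print("strings_ar.properties:",
          trojan_source_findings("strings_ar.properties", RTL_LOCALE))
    print("SSN, no context required:", ssn_findings(SSN_SAMPLE))
    print("SSN, context required:", ssn_findings(SSN_SAMPLE, require_context=True))
```

Run as a script, the C sample reports four Bidi controls on the comment line while the localization file reports none, and the SSN sample drops from two findings to one once a context keyword is required; the remaining "part_no" hit without context is exactly the kind of finding that makes these rules opt-in.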
