Trying to use the PCI-DSS policy with VIC during a POC, most of the files tagged as PCI-DSS are files containing metrics from several servers. After reading the definition of the pattern, I saw a level of confidence for the pattern:
Formatted/Delimited credit card number AND credit card keywords.
Unformatted/Nondelimited credit card number AND credit card keywords.
Formatted/Delimited credit card number.
Unformatted/Nondelimited credit card number.
Is it possible to retrieve the level of confidence for the pattern matching a specific file with a DQL query?
I don't think you can get the confidence detected for files classified by DI, but you can see it if you test a sample file through the VIC UI.
The PCI/DSS policy is slightly unusual in that it requires only medium confidence for the Credit/Debit card number pattern. If this is giving you too many false positives, you can increase the minimum confidence by editing the policy and increasing the minimum confidence to 'high' or 'very high'.
Alternatively you could copy the built-in PCI/DSS policy and create your own variant of it as a custom policy. This would allow you to add a 'None of' group with keyword or regex conditions that would exclude the metrics files that you are seeing false positives for.
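The following is an added illustration, not part of the thread and not VIC's implementation: it sorts text into the four conditions listed in the question and shows why a metrics line stops matching once the minimum is raised or a 'None of' style exclusion is applied. The regexes, keyword list, Luhn check, tier numbering (1 = strongest evidence) and sample lines are all assumptions constructed for this example.

```python
import re

# Assumed keyword list and number patterns; the product's real definitions are not on the page.
KEYWORDS = re.compile(r"\b(credit card|card number|visa|mastercard|cvv)\b", re.I)
FORMATTED = re.compile(r"\b\d{4}([ -])\d{4}\1\d{4}\1\d{4}\b")   # 4-4-4-4 with one separator
UNFORMATTED = re.compile(r"(?<!\d)\d{16}(?!\d)")               # 16 bare digits

def luhn_ok(digits):
    """Luhn checksum: about 1 in 10 random digit strings pass it."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def tier(text, exclude=None):
    """Return 1..4 in the order the question lists the conditions, or None."""
    if exclude is not None and exclude.search(text):
        return None  # behaves like a 'None of' group: any hit vetoes the match
    has_kw = bool(KEYWORDS.search(text))
    formatted = any(luhn_ok(re.sub(r"\D", "", m.group(0)))
                    for m in FORMATTED.finditer(text))
    unformatted = any(luhn_ok(m.group(0)) for m in UNFORMATTED.finditer(text))
    if formatted:
        return 1 if has_kw else 3
    if unformatted:
        return 2 if has_kw else 4
    return None

def is_tagged(text, weakest_allowed, exclude=None):
    """True when the match is at least as strong as the configured minimum."""
    t = tier(text, exclude)
    return t is not None and t <= weakest_allowed

# Constructed samples: 4111111111111111 is a widely published test number.
INVOICE = "Paid by credit card 4111-1111-1111-1111 on 2024-01-05"
EXPORT = "card number 4111111111111111"
METRICS = "host=srv01 bytes_total=4111111111111111 cpu=12"
METRICS_EXCLUDE = re.compile(r"\bhost=\S+\s+\w+_total=")  # hypothetical exclusion regex

if __name__ == "__main__":
    for name, sample in [("invoice", INVOICE), ("export", EXPORT), ("metrics", METRICS)]:
        print(name, tier(sample), is_tagged(sample, 4), is_tagged(sample, 2))
    print("metrics with exclusion:", tier(METRICS, METRICS_EXCLUDE))
```

The metrics line only ever reaches the weakest tier, so tightening the minimum drops it while the invoice and export lines are still tagged.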