Docs

Console

DLP

Manage built-in detectors, custom patterns, and allow lists; review DLP findings over time in the RenLayer Console.

The DLP page is the operator interface for RenLayer’s data-loss prevention engine. It exposes the built-in detectors, lets you add custom patterns and allow lists, and surfaces findings over time so you can tune sensitivity.

Detector catalog

The catalog lists every detector active in the tenant: built-in ones (PII, secrets, payment data, source code) and any custom ones you have defined. For each detector you can:

  • See the finding count in the selected window.
  • Adjust the severity mapping: what CRITICAL/HIGH/MEDIUM/LOW mean for this detector at this tenant.
  • Disable the detector for specific agents (useful for an agent whose entire job is processing PII intentionally).

Custom patterns

Click New pattern to add a custom detector. You provide:

  • Name: appears in findings and the audit log.
  • Type: regex or keyword list.
  • Pattern body: the regex or list itself.
  • Severity: defaults to HIGH; adjust to taste.
  • Apply to: request, response, or both.

Patterns take effect on the next request, no proxy restart required.

Allow lists

Allow lists suppress matches that you have determined to be safe. A common case: your test suite emits synthetic credit-card numbers like 4111 1111 1111 1111. Add that exact value to the allow list for the payment.card_number detector and the noise stops without weakening real-world detection.

Findings explorer

The Findings tab is a searchable list of every match. Each row shows:

  • The detector that fired.
  • The agent and trace it came from.
  • The severity and resulting action (DLP_BLOCKED / DLP_WARNED / informational).
  • A snippet of the matched span (with the actual matched value redacted unless you have permission to unmask).

Click into any row to jump to the full trace in Sessions.

Trend chart

The trend chart at the top shows finding volume by class over time. A spike in a class (e.g. secret.aws_access_key) is often the first sign of a misbehaving agent or an attempt to exfiltrate via prompt injection.

Tuning workflow

A typical tuning workflow:

  1. Enable detectors broadly with default severities.
  2. Watch the findings explorer for a week.
  3. Add allow lists for known false positives.
  4. Adjust severities (e.g. demote a noisy HIGH to MEDIUM) where appropriate.
  5. Add custom patterns for internal identifiers and project names.

Where to go next

Last updated: