Sensitive Strings

Sensitive Strings are user-defined keywords, patterns, or identifiers that represent critical data elements for the organization. These may include API keys, internal project codes, client tokens, legal references, employee identifiers, or any proprietary string whose exposure could lead to risk scenarios such as data leakage, impersonation, or regulatory violations.

The Inopli DRP module allows companies to configure these strings directly from the platform’s settings panel under the Sensitive Strings tab. Once registered and activated, each string becomes a monitored entity. The DRP engine will continuously inspect indexed content (surface, dark web, and other channels) for signs of exposure, correlation, or misuse involving these terms.

Findings are enriched with metadata, including context of exposure, severity, and source, and may trigger incident creation through the Response module if confirmed as valid by the analyst or an automated policy.

String Configuration Fields

Each entry includes the following fields:

• type – Category of the string to be monitored. Accepted types are: API Key, Password, Token, Secret, Other

• value – The actual keyword or string to be monitored

• regex_pattern – Optional field to define a custom regular expression pattern

• case_sensitive – Boolean that defines if the match is case-sensitive

• exact_match – Boolean to specify if only exact string matches are accepted

• category – Optional logical grouping (e.g., Legal, DevOps, HR)

• severity – Risk impact associated with string exposure (e.g., Low, Medium, High)

User Interface Example

Below is the platform screen used to manage and edit sensitive strings for monitoring

Each Sensitive String can be toggled on/off, and actions include edit or remove. Only active Sensitive Strings are monitored in real time.