Define what you are looking for, where you are looking for it, and how you want to handle any violations.
Policies define the overall settings for data security scanning. They determine what you are looking for, where you are looking for it, and how you want to handle any findings.
Detection Rules are combinations of specific Detectors that are applied to a policy. They define what you are looking to detect in a policy.
Detectors are models or algorithms for identifying specific types of sensitive information.