The Observability Blog

Categories:
  • BindPlane OP
  • Log Management

How to Mask Sensitive Data in Logs with BindPlane OP Enterprise

by Ryan Goins, Product Manager on
April 21, 2023

Logs often contain sensitive data, including personally identifiable information (PII) such as names, email addresses, and phone numbers. To maintain security and comply with data protection regulations, it’s crucial to mask this data before storing it in your log analytics tool. BindPlane OP streamlines this process with the Mask Sensitive Data processor, ensuring your logs are safe and compliant.

Step 1: Identify the Sensitive Data to Mask

To begin, first identify the sensitive data in your logs that you want to mask. Use the Snapshots feature in BindPlane OP Enterprise to examine the logs flowing through your pipeline:

  1. Navigate to an agent page.
  2. Click “View Recent Telemetry” in the top right corner.
  3. Browse the logs for the PII data you wish to mask. In our example, we’re looking for email addresses to conceal.

Step 2: Add the Mask Sensitive Data Processor

Once you have identified the sensitive data to mask, it’s time to add the Mask Sensitive Data processor to your pipeline:

  1. Return to the configuration page and click on a processor node in your pipeline.
  2. Processors can be added either immediately after a source or before a destination, offering complete flexibility over the affected data. Choose the location in the pipeline that best suits your needs.
  3. Click “Add Processor.”
  4. Select “Mask Sensitive Data.”

Step 3: Configure the Processor

By default, BindPlane OP includes rules to mask credit card numbers, email addresses, phone numbers, SSNs, and IP addresses. Customize the processor’s configuration to suit your specific requirements:

  1. Modify the rules by removing any unnecessary ones or adding custom rules using regex.
  2. Review the available masking options and choose the one that best fits your needs 
  3. Click “Done,” followed by “Save.”

Step 4: Validate the Masking Process

After applying the Mask Sensitive Data processor to your pipeline, ensure that it is working correctly:

  1. Use Snapshots again to inspect the data stream.
  2. Verify that the sensitive data is being masked as intended. If successful, masked values should resemble the example below.

Protecting sensitive data in logs is a critical aspect of data security and compliance. With BindPlane OP’s Mask Sensitive Data processor, you can easily identify, configure, and validate the masking process, ensuring that your logs remain secure and compliant while still providing valuable insights for your organization.