
Mask Sensitive Data

Description

The Mask Sensitive Data processor can be used to detect and mask sensitive data.

Supported Types

Metrics, Logs, Traces

Configuration Table

| Parameter | Type | Default | Description |
|---|---|---|---|
| telemetry_types | strings | [Metrics, Logs, Traces] | Which types of telemetry to apply masking rules to. |
| default_rules | enums | See default rules | Commonly used masking rules. |
| custom_rules | map | See custom rules | Create custom rules with the key being the rule name and the value being a regular expression to match against. |
| exclude_resource_keys | strings | | A list of resource keys to exclude from masking. |
| exclude_attribute_keys | strings | | A list of attribute keys to exclude from masking. |
| exclude_body_keys | strings | | A list of log body keys to exclude from masking. |
*required field

Default Rules Values

  • Credit Card: \b(?:(?:(?:\d{4}[- ]?){3}\d{4}|\d{15,16}))\b
  • Date of Birth: \b(0?[1-9]|1[0-2])\/(0?[1-9]|[12]\d|3[01])\/(?:\d{2})?\d{2}\b
  • Email: \b[a-zA-Z0-9._\/\+\-—|]+@[A-Za-z0-9.\-—|]+\.?[a-zA-Z|]{0,6}\b
  • International Bank Account Number (IBAN): \b[A-Z]{2}\d{2}[A-Z\d]{1,30}\b
  • IPv4 Address: \b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b
  • IPv6 Address: \b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b
  • MAC Address: \b([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b
  • Phone Number: \b((\+|\b)[1l][\-\. ])?\(?\b[\dOlZSB]{3,5}([\-\. ]|\) ?)[\dOlZSB]{3}[\-\. ][\dOlZSB]{4}\b
  • Social Security Number (SSN): \b\d{3}[- ]\d{2}[- ]\d{4}\b
  • US City, State: \b[A-Z][A-Za-z\s\.]+,\s{0,1}[A-Z]{2}\b
  • US Street Address: \b\d+\s[A-z]+\s[A-z]+(\s[A-z]+)?\s*\d*\b
  • US Zipcode: \b\d{5}(?:[-\s]\d{4})?\b
  • UUID/GUID: \b[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-4[a-fA-F0-9]{3}-[8|9|aA|bB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}\b

Example Configuration

Basic Configuration

Below is an example configuration that uses the defaults.

Web Interface

observIQ docs - Mask Sensitive Data - image 1

Standalone Processor

```yaml
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: mask_sensitive_data
  name: mask_sensitive_data
spec:
  type: mask_sensitive_data
  parameters:
    - name: telemetry_types
      value: ['Metrics', 'Logs', 'Traces']
```

Custom Rules Values

Here you can add custom rules for masking. The Key is the name of the rule and the Value is the regular expression to match against.

Example

The default rule for Date of Birth masking would not match a date that is separated by dashes, e.g. 01-01-1990, but we can include a stricter regular expression in the Custom Rules parameter. Here we created a rule called birth_date_dash with the value \b(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])-(19|20)\d{2}\b. This will match dates separated by dashes.

Web Interface

observIQ docs - Mask Sensitive Data - image 2

Standalone Processor

```yaml
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: mask_sensitive_data
  name: mask_sensitive_data
spec:
  type: mask_sensitive_data
  parameters:
    - name: telemetry_types
      value: ["Metrics", "Logs", "Traces"]
    - name: custom_rules
      value:
        # Key is the rule name, value is the regular expression.
        # Single quotes keep the backslashes literal in YAML.
        birth_date_dash: '\b(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])-(19|20)\d{2}\b'
```

Exclusions

You can exclude fields from being masked based on their key by specifying excluded keys for the body, resources, or attributes.

Web Interface

observIQ docs - Mask Sensitive Data - image 3

Standalone Processor

```yaml
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: mask_sensitive_data
  name: mask_sensitive_data
spec:
  type: mask_sensitive_data
  parameters:
    - name: telemetry_types
      value: ['Metrics', 'Logs', 'Traces']
    - name: exclude_resource_keys
      value: ['excluded_resource_key']
    - name: exclude_attribute_keys
      value: ['excluded_attribute_key']
    - name: exclude_body_keys
      value: ['excluded_body_key']
```
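
The following added example (not from the Bindplane documentation or code) checks the two Date of Birth patterns from this page against constructed field values before a rule is deployed, and shows the effect of an excluded key from the Exclusions section. `mask_fields`, `unmasked`, `coverage_report`, the sample fields and the `[masked_<rule>]` replacement token are assumptions for illustration, and Python's `re` stands in for the processor's regex engine.

```python
import re

# Patterns copied verbatim from this page.
RULES = {
    "date_of_birth": r"\b(0?[1-9]|1[0-2])\/(0?[1-9]|[12]\d|3[01])\/(?:\d{2})?\d{2}\b",
    "birth_date_dash": r"\b(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])-(19|20)\d{2}\b",
}

# Constructed sample fields (not real telemetry).
SAMPLE = {
    "message": "signup dob=01/01/1990 renewed 01-01-1990",
    "note": "legacy import, born 1-1-1990",
    "trace_hint": "01/01/1990",
}
PROBES = ["01/01/1990", "01-01-1990", "1-1-1990"]


def mask_fields(fields, rule_names, exclude_keys=()):
    """Simplified stand-in for the processor: apply each named rule to every
    string value unless its key is excluded. The replacement token is assumed."""
    masked = {}
    for key, value in fields.items():
        if key not in exclude_keys and isinstance(value, str):
            for name in rule_names:
                value = re.sub(RULES[name], f"[masked_{name}]", value)
        masked[key] = value
    return masked


def unmasked(fields, probes=PROBES):
    """Return the probe values that still appear in clear text."""
    return [p for p in probes if any(p in str(v) for v in fields.values())]


def coverage_report():
    """Compare what survives under three configurations."""
    default_only = mask_fields(SAMPLE, ["date_of_birth"])
    with_custom = mask_fields(SAMPLE, ["date_of_birth", "birth_date_dash"])
    with_exclusion = mask_fields(
        SAMPLE, ["date_of_birth", "birth_date_dash"], exclude_keys=("trace_hint",)
    )
    return {
        "default_only": unmasked(default_only),
        "with_custom": unmasked(with_custom),
        "with_exclusion": unmasked(with_exclusion),
    }


if __name__ == "__main__":
    for config, leaked in coverage_report().items():
        print(f"{config}: still in clear text -> {leaked}")
```

The 1-1-1990 value survives every configuration because birth_date_dash requires a two-digit month and day, so single-digit dash dates need a rule of their own.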