cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Gatha.Sehgal
AppDynamics Team

A demonstration of Sensitive Data Masking on Logs 

Available as of v23.6, Cisco AppDynamics’ Sensitive Data Masking capability for logs is a crucial element in ensuring the protection and privacy of sensitive information. By masking the personally identifiable information (PII), financial details, healthcare records, and more in logs, organizations can prevent unauthorized access, comply with data protection regulations, mitigate insider threats, reduce the attack surface for potential breaches, enable effective auditing and investigation without compromising sensitive information 

Sensitive Data Masking for Logs is part of Data Security on Cloud Native Application Observability, powered by the Cisco FSO Platform.  


IN THIS ARTICLE: Demo video | Demo Chapters + Notes | Additional resources 

Demo | Sensitive Data Masking on Logs 


Demo Chapters and Notes 

Demo Chapter + Timestamp
Steps and Notes 

Getting to the Masking Expressions tab

00:00:30

  1. Click the Configure option on the left-hand side panel. Look for the new tab called Security. 

  2. Under Security, click on Data Security. 
    You will land on a page with a Masking Rules tab, and next to it, the Masking Expressions tab.  

Back to top

Understanding the Masking Expressions list

00:00:58 

Under the Masking Expressions tab, you will see a list of previously created masking expressions. 
 
To determine which are provided out-of-the-box, and which have been created by a user, refer to the Type column. “Default” indicates out-of-the-box masking expressions, and “Custom” refers to those created by a user.

Back to top

Overview of the Masking Expression fields 

00:01:30 

    • The first field here is the expression named “Custom SSN”. 
    • The second field is for the Regex for matching data.
    • The third field is Data Sensitivity, referring to the sensitivity of the data, which can vary from organization to organization, ranging from low, medium, high, to critical.

Back to top

Using masking expressions once they’ve been created 

00:02:47

To use these masking expressions, go to the Masking Rules tab. You’ll see a list of the masking rules that have already been created. 

To determine whether the rules have been enabled, look at the Monitoring Status column. Here, you can see the mask_social_security_number is enabled while the Mask_Credit_Card_Rule is currently disabled.

Back to top

Rule field overview 

00:03:10 

 

With the Mask SSN rule as example:

    • The first field in a rule is its name—here Mask Social Security Number. 
       
    • The second field shows the scope of the rule, referring to the set of Logs to which the masking expressions should be applied.
      In this scenario, you will need to provide this value in the log format field within your log collector’s YAML file — here
      k8s:ad_ecommerce_appdcloud_demo4_logs. 
       
    • The third field is where you can select the masking expression that should be applied to this set of logs— here custom_ssn, which we had previously created in the Masking Expressions list. You can also go ahead and create a new masking expression right here, which would have the same fields we saw earlier when going through the Masking Expressions tab. 
       
      As you select the Masking Expressions, you will start seeing them pop up as labels right below the Masking Expressions tab. 
       
    • The 4th field is how you want to mask your data. Here, you have the option to select either X character or a custom string. 
       
      We will go ahead and select the X character in this scenario. Which means that any masked data will be replaced with the character “x”.

Back to top

Saving and Enabling
the rule

00:05:02  

Let's go ahead and save this rule. Once a rule has been saved, it is disabled by default. 

 In this scenario, we had edited a rule which had already been enabled, so the monitoring status for this rule is already enabled. 

 Once a masking rule has been enabled, any data being ingested from the scope specified in the masking rule will be scanned for that particular pattern, and that data will be masked. 

Back to top

View the masked data in the Log Explorer 

00:05:41

Let's go ahead and look at how the masked data will look.  

  1. Looking at the log's explorer, search for SSN on the search bar. Once I search for that, I can see log records that had an SSN entry which have now been masked with character “x”.

  2. Within the log store, the data is saved in this masked format. We do not save any raw messages to comply with security standards. 

Back to top

Additional resources 

 

Version history
Last update:
‎07-31-2023 09:38 AM
Updated by:
Join Us On December 10
Learn how Splunk and AppDynamics are redefining observability


Register Now!

Observe and Explore
Dive into our Community Blog for the Latest Insights and Updates!


Read the blog here