Mask Sensitive Data
Description
The Mask Sensitive Data processor can be used to detect and mask sensitive data.
As of Bindplane v1.94.0, the Mask Sensitive Data processor has been deprecated in favor of the Redact Sensitive Data processor.
Supported Types
Metrics: ✓
Logs: ✓
Traces: ✓
Configuration Table
telemetry_types (type: strings, default: [Metrics, Logs, Traces]): Which types of telemetry to apply masking rules to.
custom_rules (type: map, default: See custom rules): Create custom rules with the key being the rule name and the value being a regular expression to match against.
exclude_resource_keys (type: strings): A list of resource keys to exclude from masking.
exclude_attribute_keys (type: strings): A list of attribute keys to exclude from masking.
exclude_body_keys (type: strings): A list of log body keys to exclude from masking.
*required field
Default Rules Values
Credit Card:
\b(?:(?:(?:\d{4}[- ]?){3}\d{4}|\d{15,16}))\b
Date of Birth:
\b(0?[1-9]|1[0-2])\/(0?[1-9]|[12]\d|3[01])\/(?:\d{2})?\d{2}\b
Email:
\b[a-zA-Z0-9._\/\+\-—|]+@[A-Za-z0-9.\-—|]+\.?[a-zA-Z|]{0,6}\b
International Bank Account Number (IBAN):
\b[A-Z]{2}\d{2}[A-Z\d]{1,30}\b
IPv4 Address:
\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b
IPv6 Address:
\b(?:[0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}\b
MAC Address:
\b([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b
Phone Number:
\b((\+|\b)[1l][\-\. ])?\(?\b[\dOlZSB]{3,5}([\-\. ]|\) ?)[\dOlZSB]{3}[\-\. ][\dOlZSB]{4}\b
Social Security Number (SSN):
\b\d{3}[- ]\d{2}[- ]\d{4}\b
US City, State:
\b[A-Z][A-Za-z\s\.]+,\s{0,1}[A-Z]{2}\b
US Street Address:
\b\d+\s[A-z]+\s[A-z]+(\s[A-z]+)?\s*\d*\b
US Zipcode:
\b\d{5}(?:[-\s]\d{4})?\b
UUID/GUID:
\b[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-4[a-fA-F0-9]{3}-[8|9|aA|bB][a-fA-F0-9]{3}-[a-fA-F0-9]{12}\b
Example Configuration
Basic Configuration
Below is an example configuration using the defaults.
Standalone Processor
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: mask_sensitive_data
  name: mask_sensitive_data
spec:
  type: mask_sensitive_data
  parameters:
    - name: telemetry_types
      value: ['Metrics', 'Logs', 'Traces']
Custom Rules Values
Here you can add custom rules for masking. The Key is the name of the rule and the Value is the regular expression to match against.
Example
The default rule for Date of Birth masking would not match a date that is separated by dashes, e.g. 01-01-1990, but we can include a stricter regular expression in the Custom Rules parameter. Here we created a rule called birth_date_dash with value \b(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])-(19|20)\d{2}\b. This will match dates separated by dashes.
Standalone Processor
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: mask_sensitive_data
  name: mask_sensitive_data
spec:
  type: mask_sensitive_data
  parameters:
    - name: telemetry_types
      value: ["Metrics", "Logs", "Traces"]
    - name: custom_rules
      value:
        birth_date_dash: \b(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])-(19|20)\d{2}\b
Exclusions
You can exclude fields from masking by key: list the keys to skip for the log body, resources, or attributes in the corresponding exclude parameter.
Standalone Processor
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: mask_sensitive_data
  name: mask_sensitive_data
spec:
  type: mask_sensitive_data
  parameters:
    - name: telemetry_types
      value: ['Metrics', 'Logs', 'Traces']
    - name: exclude_resource_keys
      value: ['excluded_resource_key']
    - name: exclude_attribute_keys
      value: ['excluded_attribute_key']
    - name: exclude_body_keys
      value: ['excluded_body_key']
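To check a custom rule and an exclusion before deploying them, the Go program below (an added example, not Bindplane's own code) runs the page's default Date of Birth pattern and the birth_date_dash pattern over a constructed log body. It assumes the patterns are evaluated with RE2 syntax as implemented by Go's regexp package; the rule type, maskFields, sample, the field values and the [masked_<rule>] replacement token are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
)

// rule pairs a rule name (the custom_rules key) with its regular expression.
type rule struct {
	name string
	re   *regexp.Regexp
}

// Patterns copied from the page: the default Date of Birth rule and birth_date_dash.
var (
	dob     = rule{"date_of_birth", regexp.MustCompile(`\b(0?[1-9]|1[0-2])\/(0?[1-9]|[12]\d|3[01])\/(?:\d{2})?\d{2}\b`)}
	dobDash = rule{"birth_date_dash", regexp.MustCompile(`\b(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])-(19|20)\d{2}\b`)}
)

// maskFields applies each rule to non-excluded keys; "[masked_<rule>]" is an assumed token format.
func maskFields(fields map[string]string, rules []rule, exclude ...string) map[string]string {
	skip := map[string]bool{}
	for _, k := range exclude {
		skip[k] = true
	}
	out := make(map[string]string, len(fields))
	for k, v := range fields {
		for _, r := range rules {
			if !skip[k] {
				v = r.re.ReplaceAllLiteralString(v, "[masked_"+r.name+"]")
			}
		}
		out[k] = v
	}
	return out
}

// sample masks a constructed body with the default rule only, then with the custom rule and an exclusion.
func sample() (defaultsOnly, withCustom map[string]string) {
	body := map[string]string{ // constructed sample data
		"message":           "born 01-01-1990, visit on 3/14/2024",
		"excluded_body_key": "batch 02-28-2023",
	}
	return maskFields(body, []rule{dob}), maskFields(body, []rule{dob, dobDash}, "excluded_body_key")
}

func main() {
	fmt.Println(sample())
}
```

With only the default rule the dash-separated date passes through unmasked. The custom rule also skips dates written without leading zeros, such as 1-1-1990.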