topic Re: Crowd sourcing sensitive data masking rules (PII, Passwords, keys, etc.) for various sourcetypes in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Crowd-sourcing-sensitive-data-masking-rules-PII-Passwords-keys/m-p/401651#M71503 <P>That was might thought as well... some sort of negative look-behind. I thought I was good at regex until I tried to mask passwords with low fp rate.</P> Fri, 18 May 2018 23:50:04 GMT dstaulcu 2018-05-18T23:50:04Z Crowd sourcing sensitive data masking rules (PII, Passwords, keys, etc.) for various sourcetypes https://community.splunk.com/t5/Getting-Data-In/Crowd-sourcing-sensitive-data-masking-rules-PII-Passwords-keys/m-p/401648#M71500 <P>My team has a number of index-time sedcmd-based password masking rules for words in known positions of passwords. This strategy has worked well for us for a while. We are currently wrestling with a case where users accidentally include their passwords along with their upn (user@domain) in the userid field of a windows logon. Does anyone have a good way to handle this condition? </P> <P>Similarly, does anyone know of any projects to curate lists of trusted splunk transforms for sensitive data masking?</P> Thu, 17 May 2018 11:30:09 GMT https://community.splunk.com/t5/Getting-Data-In/Crowd-sourcing-sensitive-data-masking-rules-PII-Passwords-keys/m-p/401648#M71500 dstaulcu 2018-05-17T11:30:09Z Re: Crowd sourcing sensitive data masking rules (PII, Passwords, keys, etc.) for various sourcetypes https://community.splunk.com/t5/Getting-Data-In/Crowd-sourcing-sensitive-data-masking-rules-PII-Passwords-keys/m-p/401649#M71501 <P>There's no accounting for stupidity. </P> <P>Perhaps, however, if the domain portion of the upn is well-known, you can mask everything that follows it.</P> Thu, 17 May 2018 15:05:41 GMT https://community.splunk.com/t5/Getting-Data-In/Crowd-sourcing-sensitive-data-masking-rules-PII-Passwords-keys/m-p/401649#M71501 richgalloway 2018-05-17T15:05:41Z Re: Crowd sourcing sensitive data masking rules (PII, Passwords, keys, etc.) for various sourcetypes https://community.splunk.com/t5/Getting-Data-In/Crowd-sourcing-sensitive-data-masking-rules-PII-Passwords-keys/m-p/401650#M71502 <P>From the documentation side I see the following <A href="http://docs.splunk.com/Documentation/Splunk/7.1.0/Data/Anonymizedata">Anonymize data</A></P> Thu, 17 May 2018 15:13:14 GMT https://community.splunk.com/t5/Getting-Data-In/Crowd-sourcing-sensitive-data-masking-rules-PII-Passwords-keys/m-p/401650#M71502 ddrillic 2018-05-17T15:13:14Z Re: Crowd sourcing sensitive data masking rules (PII, Passwords, keys, etc.) for various sourcetypes https://community.splunk.com/t5/Getting-Data-In/Crowd-sourcing-sensitive-data-masking-rules-PII-Passwords-keys/m-p/401651#M71503 <P>That was might thought as well... some sort of negative look-behind. I thought I was good at regex until I tried to mask passwords with low fp rate.</P> Fri, 18 May 2018 23:50:04 GMT https://community.splunk.com/t5/Getting-Data-In/Crowd-sourcing-sensitive-data-masking-rules-PII-Passwords-keys/m-p/401651#M71503 dstaulcu 2018-05-18T23:50:04Z