Masking multiple credit card number for a specific field using SEDCMD

anupt1986 — Fri, 11 Jun 2021 05:53:00 GMT

Hi,

Have an event where i would like to mask credit card number only within below two fields using SEDCMD only.

i.e. "PolicyDetails{}.Rules{}.ConditionsMatched.SensitiveInformation{}.SensitiveInformationDetections.DetectedValues{}.Name

and

"PolicyDetails{}.Rules{}.ConditionsMatched.SensitiveInformation{}.SensitiveInformationDetections.DetectedValues{}.Value"

If i just use

| rex mode=sed "s/(\d{4}){3}(\d{4})/xxxx-xxxx-xxxx-\2/g

this will check for match in whole event and mask values which it should not mask 😞

so am testing with below snippet code something like this :

| gentimes start=-1
| eval myevent="PolicyDetails{}.Rules{}.ConditionsMatched.SensitiveInformation{}.SensitiveInformationDetections.DetectedValues{}.Name:[\"6011111111111117\",\"6011000990139424\",\"4111111111111111\",\"5555555555554444\",\"5105105105105100\",\"38520000023237\"]"
| table myevent
| rename myevent as new
| eval old=new
| rex mode=sed "s/(,.*DetectedValues{}.*\:\[\")(\d{4}){3}(\d{4})/xxxx-xxxx-xxxx-\2/g"

expected outcome: like this for one of field but should do similar for other field as well.

"PolicyDetails{}.Rules{}.ConditionsMatched.SensitiveInformation{}.SensitiveInformationDetections.DetectedValues{}.Name":["xxxxxxxxxxxx1117","xxxxxxxxxxxx9424","xxxxxxxxxxxx1111","xxxxxxxxxxxxx4444","5xxxxxxxxxxxx5100","xxxxxxxxxxxx3237"]

Re: Masking multiple credit card number for a specific field using SEDCMD

danielcj — Fri, 11 Jun 2021 07:23:47 GMT

Hi,
You can define the field which your rex command will be applied using the "field" command.
For your example, try replacing your last line for the following:

| rex mode=sed field=new "s/(\d{4}){3}(\d{4})/xxxx-xxxx-xxxx-\2/g"

topic Masking multiple credit card number for a specific field using SEDCMD in Getting Data In

Masking multiple credit card number for a specific field using SEDCMD

Re: Masking multiple credit card number for a specific field using SEDCMD