Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to mask a bank detail from JSON logs

VijaySrrie
Builder
‎12-07-2021 05:09 AM

Hi,

We are ingesting some logs into splunk in JSON format, the logs are ingested via TA.

The value field in the below contains bank details which has to be masked.

 

PolicyDetails{}.Rules{}.ConditionsMatched.SensitiveInformation{}.SensitiveInformationDetections.DetectedValues{}.Value

Labels (4)
Tags (1)
0 Karma
Reply

Vardhan
Contributor
‎12-07-2021 05:26 AM

Hi @VijaySrrie ,

I have given a sample config below. You can try like that.

props.conf

[mentionsourcetype]
TRANSFORMS-acctmasking = mask-acctcode

Transforms.conf

[mask-acctcode]
REGEX = (.*DetectedValues{}.Value=\d+).*
DEST_KEY = _raw
FORMAT = $1-XXXX

Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...