Splunk Search

How do we automate the splunk log to make sure user detail is masked or not?

DrashtiPatel144
New Member

I would like to automate Splunk Logs to make sure user detail is marked.

Note: We are capturing and displaying user detail in JSON Response Body. 

 

 

Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @DrashtiPatel144,

as @richgalloway said, you should be more detailed in this question and share a sample of your logs .

Anyway, as you can read at https://docs.splunk.com/Documentation/Splunk/9.0.0/Data/Anonymizedata you can anonymize your data at index time and they remain maked in the Splunk archive, or at search time.

In addition (we did it for a customer) is also possible to preparse logs encrypting data (using a script with a certificate) before indexing, in this way, data are stored encrypted, but it's also possible (only with a request of judiciaire) to reverse the encryption for legal investigations.

What do you want to perform?

I can help you in the first two actions, not on the last because a colleague did it.

Ciao.

Giuseppe

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Please tell us more about what you want to accomplish.  Are you referring to Splunk's internal logs or your own logs you've stored in Splunk?  What user detail do you want to mask?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...