There are times when information within a log message needs to be transformed into a more usable format or masked to hide sensitive or regulated data. LogRhythm allows you to set up Data Masking Rules to transform, redact, or substitute text on a global or log message source basis.
Users must monitor the processing rates in their solution for a period of time to ensure their system can support the processing requirements.
Data Masking Rules allow you to perform multiple types of data transformation and masking. The Archives continue to contain the original raw log in its original collected state. The Data Indexer contains the transformed raw log and any associated transformed metadata.
The following are the types of data masking:
Transform specific text within a log message into a specified usable format where the input text is used to create the output text and the output can contain new characters and formatting.
For example, transform (3)www(9)microsoft(3)com(0) to www.microsoft.com.
Redact Sensitive Text
Redact specific text within a log message where all or part of the input text is replaced with a specified masking character or string.
For example, redact a Social Security Number SSN: 123-45-6789 to SSN: XXX-XX-XXXX.
Substitute Sensitive Text
Substitute specific text within a log message with a consistent unique value. The input value is hashed into a new unique value, and the same input value always results in the same output value across different log messages.
For example, substitute SSN: 123-45-6789 with SSN: bfda2b7_579e_b1dc_3cba_e0df31fa8ff0.
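The three masking types above, sketched in Python as an added example; this is not LogRhythm's implementation or rule syntax. The function names, the regular expressions, and the keyed HMAC-SHA256 used for substitution are assumptions; a key is used because the SSN space is small enough that an unkeyed hash could be reversed by enumeration.

```python
import hashlib
import hmac
import re

# Assumed patterns for the two sample value types used in the text above.
DNS_LABELS = re.compile(r"(?:\(\d+\)[A-Za-z0-9_-]+)+\(0\)")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def transform_dns(message: str) -> str:
    """Rewrite (3)www(9)microsoft(3)com(0) style names as dotted names."""
    def dotted(match: re.Match) -> str:
        labels = re.findall(r"\((\d+)\)([A-Za-z0-9_-]+)", match.group(0))
        # Leave the text untouched if a length prefix does not match its label.
        if any(int(n) != len(label) for n, label in labels):
            return match.group(0)
        return ".".join(label for _, label in labels)
    return DNS_LABELS.sub(dotted, message)


def redact_ssn(message: str, mask: str = "X") -> str:
    """Replace every SSN digit with the mask character, keeping the dashes."""
    return SSN.sub(lambda m: re.sub(r"\d", mask, m.group(0)), message)


def substitute_ssn(message: str, key: bytes) -> str:
    """Replace each SSN with a keyed token: same key and input, same token."""
    def token(match: re.Match) -> str:
        digest = hmac.new(key, match.group(0).encode(), hashlib.sha256)
        return digest.hexdigest()[:32]
    return SSN.sub(token, message)


if __name__ == "__main__":
    # Constructed log lines and key, for illustration only.
    key = b"constructed-demo-key"
    print(transform_dns("query A (3)www(9)microsoft(3)com(0)"))
    print(redact_ssn("user=alice SSN: 123-45-6789"))
    print(substitute_ssn("user=alice SSN: 123-45-6789", key))
    print(substitute_ssn("ticket=42 SSN: 123-45-6789", key))
```

Because substitution is deterministic, the last two lines print the same token, which keeps events for one person correlatable without exposing the value; anyone holding the key can still recompute tokens, so the key needs the same protection as the data.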