Managing Data Redaction

 

Contents

Introduction

Ways to Identify Data Redaction
– Patterns
– Code Identifiers
– Classes
Packages

Resetting Errors

How Data Redaction Filtering Affects Errors in OverOps

Related Articles

 

Introduction

OverOps encrypts all your data before it leaves your servers, but some types of data that you may not want OverOps to capture at all. Personally Identifiable Information (PII) often requires special attention and careful handling. With Data Redaction, sensitive information is sure never to leave the server.

Note: Data Reduction is available with Admin or Owner privileges only, members have viewer permissions.

Identifying Data Redaction

There are four methods for filtering Data Redaction within OverOps:

  1. Patterns
  2. Code Identifiers
  3. Classes
  4. Packages.

For each category, you can add, modify or remove filters.

To view or set Data Reduction filters:

  1. From the OverOps Dashboard, click Settings and select Data Reduction.
    The Data Redaction dialog box opens.
  2. To add or modify filters, proceed to the instructions in the sections according to the chosen filtering method.

Filtering is turned on by default. To disable filtering in general:

  • From the Data Redaction dialog box, turn off Filtering on
    All filtering is disabled.

Data Redaction Dialog box

 

Patterns

When the Agent on one of the JVMs recognizes a pattern that matches a filter from the configured list, that information is not collected. The pattern is matched to the value, not name of the variable. Default patterns include credit cards, IP addresses, phone numbers, physical addresses and ID numbers. To filter data according to a pattern, select a pattern type and from the slider turn on the specific pattern to filter out.

Patterns are written as Regular Expressions.

Pattern Filters 

To add new patterns:

  1. Enter the Regular Expression for the pattern and click Add.
    The Add Pattern dialog box opens.

  2. Name the pattern and click Save.

 Any expression matching this pattern will not be collected by OverOps.
 

Code Identifiers

When an Agent on your server recognizes a variable name that matches a filter from the configured list, that information is not collected. The code identifiers are matched to the names, not the value of the variable. OverOps provides a large variety of default identifiers.

To add a new code identifier to the filter list:

  • Type the code identifier in the box at the bottom of the dialog box and click Add. Enter multiple variable names by separating them with commas.

To remove a variable from filtering, hover over it and click X.

Code Identifiers Filter List

 

Classes

Under the Classes tab, you can add, modify, or delete entire classes to redact. When the JVM Agent recognizes a listed classes, it does not send data from that class off the server.

To add a new class to the filter list:

  • Type it into the box at the bottom of the dialog box and click Add. Enter multiple classes by separating them with commas.



Classes Filtering Tab

 

Packages

Under the Packages tab, you can add, modify, or delete entire packages of classes to redact. When the JVM Agent recognizes a listed packages, it does not send data from that class off the server. 

To add a new package to the filter list:

  • Type it into the box at the bottom of the dialog box and click Add. Enter multiple packages, by separating them with commas.



Packages Filtering Tab

 

Resetting Changes

Changes you make in the security settings are implemented automatically. Changes are applied to all errors and exceptions that OverOps captures from that point on. Changes to settings are not applied retroactively. To restore the default settings, click Reset at the bottom left corner of the Data Redaction window.

 

 Events with Data Redaction Displayed in OverOps

When the JVM Agent recognizes information included in the Data Redaction settings, it does not record that data from the server. Events and exceptions that contain filtered PII, the sensitive data is presented in the Dashboard with an asterisks.

The examples below demonstrate how filtered data is displayed in each view:

  • Code View: Patterns, code identifiers, and classes are applied

Screen-Shot-2015-01-13-at-3.17.30-PM1.jpg

An error in OverOps with a PII-filtered variable in Code View

  • Log View: Only patterns are applied

Screenshot_from_2017-03-23_17-15-30.png

An error in OverOps with a PII-filtered log line in Log View

  • JVM View: Only code identifiers are applied

Screenshot_from_2017-03-23_17-13-03.png

An error in OverOps with a PII-filtered JVM argument in JVM View

 

Related Articles

Security Page

Troubleshooting page

Have more questions? Submit a request