Privacy requirement to tokenize fields like username/sitename - SIEM
Requirement: - Privacy requirement to tokenize fields like username/sitename in SIEM
As we understand we have multiple device type sending log to the SIEM tool and there are number of users group logged into the SIEM console and analyze the log based on urgency and act accordingly.
Now due to security compliance point of view we have requirement to mask some specific field for specific group of users based on device type. Take an example of below: -
- Device type = symantec_wss
- User Name = user.src (DOMAIN\username.lastname)
- Site Name= src.url
- User Group = AnalystGroup and ReadOnlyGroup
-
Now we want to mask username and site name for User group. But other group like Data Privacy Office and Admin can view the mask data, without any issue.
As part of Data privacy management, we have configured following data privacy- sensitive configuration.
Blacklist only meta.
By default all metadata and all packets are visible. Selecting individual SDK meta roles per user group prevents users from seeing metadata for that SDK meta role.
Visible-Select to Hide
Visible
We achieved the following with respect to data privacy role based access in UAT.
Customer has further question on this let me know if I you need a new jira.
Just would like to know that we want to deploy the feature on specific device type. NOT the complete role based deployment.
What we tested is role based and that is infra wide. Means if anything masked for particular role (users group) then any user false on that role can not see the masked data.
But we want to mask specific data for specific device type for group of users.
