This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcement Banner

Scheduled Maintenance for the Case Portal during May 20-22

View Details
  • NetWitness Community
  • Knowledge Base
  • How to obfuscate sensitive information(ip address, hostname and MAC) from sosreport in RSA NetWitnes...
  • Options
    • Subscribe to RSS Feed
    • Bookmark
    • Subscribe
    • Email to a Friend
    • Printer Friendly Page
    • Report Inappropriate Content

The content you are looking for has been archived. View related content below.

How to obfuscate sensitive information(ip address, hostname and MAC) from sosreport in RSA NetWitness Platform

Article Number

000001074

Applies To

RSA Product Set: NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.x

Issue

Some customer does not want to provide the output of sosreport or nwtech dump, because it has potentially sensitive information like ip address, MAC and host/domain name.
SOSCleaner is a tool to consistently obfuscate sensitive information in large datasets like Red Hat sosreports. It works on any dataset, from 1 file to thousands.
For more information, refer to the following documents.
Github: https://github.com/soscleaner/soscleaner
SOSCleaner documentation: https://soscleaner.readthedocs.io/en/latest/

Resolution

  1. Go to the sosreport output directory and run the soscleaner.

    And copy the log file name. (in the following example, /tmp/soscleaner-xxxxxxxxxxxxxxx.log)

    
    # cd /var/tmp/sos.CioOkc/
    # soscleaner sosreport-sa-server-xxxxxxxxxxxxxxx.tar.xz
    ERROR:root:code for hash md5 was not found.
    Traceback (most recent call last):
      File "/usr/lib64/python2.7/hashlib.py", line 129, in <module>
        globals()[__func_name] = __get_hash(__func_name)
      File "/usr/lib64/python2.7/hashlib.py", line 98, in __get_openssl_constructor
        f(usedforsecurity=False)
    ValueError: error:3207A06D:lib(50):B_HASH_init:cr new
    02-16 16:21:25 soscleaner CONSOLE: Log File Created at /tmp/soscleaner-xxxxxxxxxxxxxxx.log
    CONSOLE:soscleaner:Log File Created at /tmp/soscleaner-xxxxxxxxxxxxxxx.log
    
    
    *Note: NetWitness 11.x version has a problem with creating the /tmp/soscleaner-*.log file, so you must create the log file manually right after you run the soscleaner.

     
  2. Open a new ssl console and create the log file right after running the soscleaner.
    
    # touch /tmp/soscleaner-xxxxxxxxxxxxxxx.log
    
    *Note: If you do not create the above log file, soscleaner could not complete the job with following error message.
    
    OSError: [Errno 2] No such file or directory: '/tmp/soscleaner-2711957584681717.log'
    # gunzip soscleaner-2711957584681717.tar.gz
    gzip: soscleaner-2711957584681717.tar.gz: unexpected end of file 
     
  3. After finish the soscleaner, output files are in the /tmp directory. soscleaner-*.tar.gz has data with obfuscate information and the mappings are recorded in each csv file.
    
    # ls -al | grep sos
    -rw-r--r--.   1 root       root            229 Feb 16 16:33 soscleaner-1845103887629427-dn.csv
    -rw-r--r--.   1 root       root            202 Feb 16 16:33 soscleaner-1845103887629427-hostname.csv
    -rw-r--r--.   1 root       root           3288 Feb 16 16:33 soscleaner-1845103887629427-ip.csv
    -rw-r--r--.   1 root       root              0 Feb 16 16:28 soscleaner-1845103887629427.log
    -rw-r--r--.   1 root       root            594 Feb 16 16:33 soscleaner-1845103887629427-mac.csv
    -rw-r--r--.   1 root       root       22249438 Feb 16 16:33 soscleaner-1845103887629427.tar.gz
    -rw-r--r--.   1 root       root             59 Feb 16 16:33 soscleaner-1845103887629427-username.csv

     
Tags (12)
  • Customer Support Article
  • KB Article
  • Knowledge Article
  • Knowledge Base
  • NetWitness
  • NetWitness Platform
  • NW
  • RSA NetWitness
  • RSA NetWitness Platform
  • RSA Security Analytics
  • Security Analytics
  • SIEM
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-02-10 02:22 PM
Updated by:
Administrator nwinfotech Administrator

Related Content

Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.