- Advanced Analytics
- Understand the Basics of Advanced Analytics
- Configure Log Management
- Set Up Admin Operations
- Set Up Authentication and Access Control
- Additional Configurations
- Configure Rules
- Exabeam Threat Intelligence Service
- Threat Intelligence Service Prerequisites
- View Threat Intelligence Feeds
- Threat Intelligence Context Tables
- View Threat Intelligence Context Tables
- Assign a Threat Intelligence Feed to a New Context Table
- Create a New Context Table from a Threat Intelligence Feed
- Check ExaCloud Connector Service Health Status
- Exabeam Cloud Telemetry Service
- Manage Security Content in Advanced Analytics
- Health Status Page
Mask Data Within the Advanced Analytics UI
Note
To enable or disable and configure data masking, contact your Exabeam technical representative.
Note
Data masking is not supported in Case Management or Incident Responder modules.
Data masking within the UI ensures that personal data cannot be read, copied, modified, or removed without authorization during processing or use. With data masking enabled, the only user able to see a user's personal information will be users assigned to the permission "View Clear Text Data". The default role "Data Privacy Officer" is assigned this permission out of the box. Data masking is a configurable setting and is turned off by default.
To enable data masking in the UI, open /
opt/exabeam/config/tequila/custom/application.conf, and setdataMaskingEnabledtotrue.If your
application.confis empty, copy the following text and paste it into the file:tequila { PII { # Globally enable/disable data masking on all the PII configured fields. Default value is false. dataMaskingEnabled = true } }
You're able to fully customize which PII data is masked or shown in your deployment. The following fields are available when configuring PII data masking:
Default: This is the standard list of PII values controlled by Exabeam. If data masking is enabled, all of these fields are encrypted.
Custom: Encrypt additional fields beyond the default list by adding them to this custom list. The default is empty.
Excluded: Do not encrypt these fields. Adds that are in the default list to expose their values in your deployment. The default is empty.
For example, if you want to mask all default fields other than "task name" and also want to mask the "address" field, then you would configure the lists as shown below:
PII {
# Globally enable/disable data masking on all the PII configured fields. Default value is false.
dataMaskingEnabled = true
dataMaskingSuffix = ":M"
encryptedFields = {
#encrypt fields
event {
default = [
#EventFieldName
"user",
"account",
...
"task_name"
]
custom=["address"]
excluded=["task_name"]
}
...
}
}