This section provides a reference overview of the privacy.yaml file, which is used to configure privacy rules that are applied to the replay and raw data. Masking on-demand enables the removal, or the blocking of, sensitive information from replay and raw data for anyone other than administrators.
Note: Masking on-demand is currently under limited availability. Contact your Acoustic representative or open a Support ticket to enable the feature.
Rules
Name
Name of the Rule (Rule1, Rule2, etc...)
Enabled
True or False value which specifies whether this rule is active.
Actions
One or more action names, which correspond to the names of action sections. The named actions are processed if the rule returns True. Actions must always be given in list format.
Tests
One or more test names that correspond to the names of test sections. The specified tests are evaluated to determine whether the actions should run for the rule. If no test is specified, then the actions are run for every hit. If more than one test is specified, the TestOp field must also be specified. Tests must always be given in list format.
TestOp (Case-Sensitive)
Logical operator used when multiple tests are specified. Possible values are AND and OR.
- If TestOp=AND, then all tests must return True for the actions to be processed.
- If TestOp=OR, then the actions are processed if any of the tests return True.
Not
True or False value. If True, then the result of the test evaluation is inverted (logical NOT).
Actions
Name
Name of the action. This is case-sensitive and should match the action name mentioned in the rule.
Action (Case-Sensitive)
The action to take. The possible action values are:
- Block: blocks the matched data using the specified strike character (XXXXX Pattern)
- Replace: replaces the matched data with a specified replacement text string
Section
The section name of the data to act upon.
- For RESPONSE (for example, Section: response): if the value is set to response, then the response is processed.
- For REQUEST (for example, Section: env): the value names the appropriate request section, such as iamie, env, etc.
Field
One or more optional field names (the name portion of the name-value pair). This can also be one of the following reserved names:
- For RESPONSE
  - body - If Section: response, then this value specifies the response body as the target (Field: body)
- For REQUEST: NA
ValueName
- For REQUEST, one or more names of values (in multi-value name-value pairs, such as URL, CollectorNodeID).
- For RESPONSE: NA
StartPattern
The starting string pattern to search for within the specified data. The data immediately following the matching pattern is processed. If StartPattern is used, then you must also specify EndPattern, unless you set Inclusive to True. When Inclusive=True, the StartPattern and EndPattern are blocked/replaced as well. This is useful for blocking or encrypting a constant data string.
EndPattern
The string pattern that signals the end of the data matched by a StartPattern. The data up to, but not including, the EndPattern is processed (unless Inclusive=True).
StartPatternRE
Regular expression version of StartPattern. This can be used to specify a standard regular expression to define the starting pattern to find.
EndPatternRE
Regular expression version of EndPattern. This can be used to specify a standard regular expression to define the ending pattern to find.
Inclusive
True or False value that indicates whether the StartPattern (or StartPatternRE) and EndPattern (or EndPatternRE) are themselves blocked or replaced. Default value is False.
ReplaceString
The string that is used to replace the original data when Action: Replace.
Description
(Optional) Description of the Action.
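The following added example models how StartPattern, EndPattern, their RE variants and Inclusive select what a Block or Replace action changes. It is not the product's code: the `apply_action` function, the one-strike-character-per-masked-character behaviour, the processing of every occurrence and the sample strings are all assumptions made for illustration.

```python
import re

def apply_action(data, action, strike="X"):
    """Model Block/Replace over the spans an action's patterns select."""
    inclusive = action.get("Inclusive", False)
    if "StartPatternRE" in action:
        start, end = action["StartPatternRE"], action.get("EndPatternRE")
    else:
        # Literal patterns are escaped so both kinds share one regex path.
        start = re.escape(action["StartPattern"])
        end = re.escape(action["EndPattern"]) if "EndPattern" in action else None
    if end is None:
        if not inclusive:
            raise ValueError("end pattern required unless Inclusive is True")
        end = ""  # Inclusive with no end pattern: the start pattern is the target
    span = re.compile("(?P<s>%s)(?P<body>.*?)(?P<e>%s)" % (start, end), re.DOTALL)

    def mask(m):
        s, body, e = m.group("s", "body", "e")
        # Inclusive=True widens the target to cover the delimiters as well.
        target = s + body + e if inclusive else body
        if action["Action"] == "Replace":
            new = action["ReplaceString"]
        elif action["Action"] == "Block":
            new = strike * len(target)
        else:
            raise ValueError("Action must be Block or Replace")
        return new if inclusive else s + new + e

    return span.sub(mask, data)

# Constructed request-style sample, not taken from real raw data.
SAMPLE = "pin=1234&zip=30301"
BLOCK = {"Action": "Block", "StartPattern": "pin=", "EndPattern": "&"}
```

With the default Inclusive=False the delimiters survive and only the value between them is masked, so a reviewer can still see which field was hidden.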
Tests
Name
Name of the Test. This is case-sensitive and should match the test name mentioned in the Rule.
Enabled
True or False value which specifies whether this test is active.
ReqField
Name portion of a name-value pair in Request Raw Data. For example, OrgDcId, CollectorNodeID etc...
ReqOp
(Case-Sensitive Field) Operation to perform. The options are EQ, NE, GT, LT, CONTAINS, PARTOF, PARTOFLIST.
ReqVal
Value portion of a name-value pair in Request Raw Data. For example, 008, wscollector-75cc959888-zdx55.
NOTE: Tests are applicable to Request Raw Data only.
Notes
- An Action can apply privacy to either the Request or the Response, not both
- StartPattern should only be paired with EndPattern, and StartPatternRE should only be paired with EndPatternRE
- The ReplaceString field must not be empty if the Action type is Replace
- Tests are applicable to Request Raw Data only
- When applying Tests in a Rule, don't use any action in that Rule that deals with Replay response or Raw Data Response
- Disabled Tests should not be used in Enabled Rules
- The PrivacyRules.yaml file cannot be deleted; it can only be overwritten by a new Privacy.yaml file. If you want to disable the application of privacy, you need to set Enabled: False for all the rules mentioned in the yaml file.
- If you apply On demand Privacy on JSON data and mask it, then it would be best to not create step attributes. However, if you want to create the step attribute to mask data, then you will need to manually provide the correct step pattern path.
Note: To disable the Masking On-Demand feature, please contact customer support.
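The constraints in the Notes and field descriptions above can be checked before a file is uploaded. The following is an added example, not a tool supplied with the product: the `lint` function, its finding codes and the top-level layout of the parsed file (three lists named Rules, Actions and Tests) are assumptions, since this page does not show the file's outer structure.

```python
REQ_OPS = {"EQ", "NE", "GT", "LT", "CONTAINS", "PARTOF", "PARTOFLIST"}

def lint(cfg):
    """Return (code, name) findings for a parsed privacy configuration."""
    out = []
    actions = {a["Name"]: a for a in cfg.get("Actions", [])}
    tests = {t["Name"]: t for t in cfg.get("Tests", [])}
    for name, a in actions.items():
        if a.get("Action") not in ("Block", "Replace"):  # case-sensitive
            out.append(("bad-action", name))
        if a.get("Action") == "Replace" and not a.get("ReplaceString"):
            out.append(("empty-replacestring", name))
        literal = "StartPattern" in a or "EndPattern" in a
        regex = "StartPatternRE" in a or "EndPatternRE" in a
        if literal and regex:  # literal and RE patterns must not be mixed
            out.append(("mixed-patterns", name))
        has_start = "StartPattern" in a or "StartPatternRE" in a
        has_end = "EndPattern" in a or "EndPatternRE" in a
        if has_start and not has_end and not a.get("Inclusive", False):
            out.append(("missing-end", name))
    for name, t in tests.items():
        if t.get("ReqOp") not in REQ_OPS:  # case-sensitive
            out.append(("bad-reqop", name))
    for r in cfg.get("Rules", []):
        if not r.get("Enabled"):
            continue  # disabled rules are not applied
        used = r.get("Tests", [])
        if len(used) > 1 and r.get("TestOp") not in ("AND", "OR"):
            out.append(("missing-testop", r["Name"]))
        for t in used:
            if t not in tests:
                out.append(("unknown-test", t))
            elif not tests[t].get("Enabled"):
                out.append(("disabled-test", t))
        for a in r.get("Actions", []):
            if a not in actions:
                out.append(("unknown-action", a))
            elif used and actions[a].get("Section") == "response":
                out.append(("test-with-response", a))  # tests are request-only
    return out

# Constructed sample that breaks several of the notes at once.
SAMPLE = {
    "Rules": [{"Name": "Rule1", "Enabled": True, "Actions": ["MaskBody"], "Tests": ["T1", "T2"]}],
    "Actions": [{"Name": "MaskBody", "Action": "Replace", "Section": "response", "Field": "body",
                 "StartPattern": "<ssn>", "EndPatternRE": "</ssn>", "ReplaceString": ""}],
    "Tests": [{"Name": "T1", "Enabled": True, "ReqField": "OrgDcId", "ReqOp": "eq", "ReqVal": "008"},
              {"Name": "T2", "Enabled": False, "ReqField": "OrgDcId", "ReqOp": "EQ", "ReqVal": "008"}],
}
```

An empty result from `lint` means none of these checks failed; it does not confirm that the patterns match the sensitive data they are meant to cover.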