Extrusion actions

Use the REDACT and GET_SERVER_DATA actions to manage sensitive data.

Available extrusion actions:
  • REDACT

REDACT

The REDACT action requires log record affected and inspect return data to be enabled for the inspection engine. It is executed on analyzer level of sniffer processing and can prevent execution of the first SQL statement without redaction being applied with the firewall mode activated.

Attention: The REDACT action alters raw packets. Using broad regular expressions can inadvertently modify internal data structures sent by the server, potentially causing session disruptions. To avoid these issues, be sure to use precise regular expressions that avoid false positives. In addition, if patterns are spread across two physical network packets or their fragments, REDACT operations might be skipped, because S-TAP does not assemble these packets.

For more information about using REDACT, including additional restrictions, see Redact in Logging or ignoring rule actions.

Note:
  • Write the part of the pattern that you want to mask in parentheses.