Query masking examples

Analyzer query masking can be useful with non-relational databases such as MongoDB or Cassandra, or with protocol frameworks such as Google Protocol Buffers or Apache Thrift. The following examples show how to mask unencrypted data in non-relational databases.

Example 1: Mask an unencrypted password from Cassandra.
  • Session level criteria:
    • Server IP address = 20.20.20.20
    • Database type = CASSANDRA
  • Rule action = TRANSFORM STATEMENT
    • Source = STATEMENT
    • Request type = RPC
    • Search prefix = login
    • Search pattern = password
    • Match pattern = \x27\w+\x27\x7D\x7D\x29$
    • Mask = True
    • Output format = \x27\x2A\x2A\x2A\x27\x7D\x7D\x7D\x29
Example 2: Mask the user credentials for a Couchbase REST query.
  • Session level criteria: Server port In Group where:
    • Group type = Server port
    • Members = A list of server ports.
  • Rule action = TRANSFORM STATEMENT
    • Source = STATEMENT
    • Request type = SQL
    • Search prefix = __CB POST /query/service
    • Search pattern = "pass":"
    • Match pattern = "pass":"[^"][^"]*
    • Mask = True
    • Output format = "pass":"******
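
Added example, not part of the product documentation: a Python check that replays the match patterns and output formats from the two examples above against constructed statements, so a rule can be confirmed to remove the secret before it is deployed. It assumes the rule fires only when the statement starts with the search prefix and contains the search pattern, and that Python's `re` reads the patterns the way the analyzer does; the function names and sample statements are constructed for illustration.

```python
import re

# Rule fields copied from Example 1 and Example 2 on this page.
CASSANDRA = {"prefix": "login", "search": "password",
             "match": r"\x27\w+\x27\x7D\x7D\x29$",
             "output": r"\x27\x2A\x2A\x2A\x27\x7D\x7D\x7D\x29"}
COUCHBASE = {"prefix": "__CB POST /query/service", "search": '"pass":"',
             "match": r'"pass":"[^"][^"]*',
             "output": '"pass":"******'}

def decode_hex(text):
    """Expand \\xNN escapes in an output format to literal characters."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})",
                  lambda m: chr(int(m.group(1), 16)), text)

def mask(rule, statement):
    """Emulate TRANSFORM STATEMENT with Mask = True (assumed semantics)."""
    # Assumption: the rule applies only if the statement starts with the
    # search prefix and contains the search pattern.
    if not statement.startswith(rule["prefix"]):
        return statement
    if rule["search"] not in statement:
        return statement
    replacement = decode_hex(rule["output"])
    # A function replacement keeps re.sub from interpreting backslashes.
    return re.sub(rule["match"], lambda _m: replacement, statement, count=1)

def leaks(rule, statement, secret):
    """True if the secret is still readable after masking."""
    return secret in mask(rule, statement)

# Constructed sample statements (not captured traffic).
CASS_OK = "login({'credentials': {'username': 'app', 'password': 'S3cret'}})"
CASS_SYMBOL = "login({'credentials': {'username': 'app', 'password': 'S3cr#t'}})"
CB_OK = '__CB POST /query/service {"creds":[{"user":"app","pass":"hunter2"}]}'
CB_ESCAPED = '__CB POST /query/service {"creds":[{"user":"app","pass":"ab\\"cdef"}]}'

if __name__ == "__main__":
    for rule, stmt, secret in [(CASSANDRA, CASS_OK, "S3cret"),
                               (CASSANDRA, CASS_SYMBOL, "S3cr#t"),
                               (COUCHBASE, CB_OK, "hunter2"),
                               (COUCHBASE, CB_ESCAPED, "cdef")]:
        state = "LEAK  " if leaks(rule, stmt, secret) else "masked"
        print(state, mask(rule, stmt))
```

The two LEAK cases show the patterns failing open: a password containing a non-word character never matches `\w+`, and an escaped quote ends `[^"]*` early and leaves the rest of the value in the statement. The Cassandra output format, as written on this page, emits three closing braces where the match pattern consumed two.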

SR language examples

Example 1:
SR_POLICIES
{
        IF (SERVER_IP = '20.20.20.20' DB_TYPE = 'CASSANDRA' ) 
        { 
                TRANSFORM_STATEMENT REQ_TYPE = RPC SEARCH_PREFIX = 'login' 
                SEARCH_PATTERN = 'password' MATCH_PATTERN = '\x27\w+\x27\x7D\x7D\x29$' 
                MASK OUTPUT_FORMAT = '\x27\x2A\x2A\x2A\x27\x7D\x7D\x7D\x29)'
        }
}
Example 2:
SR_POLICIES
{
        IF (SERVER_PORT = (8091,100) ) 
        { 
                TRANSFORM_STATEMENT REQ_TYPE = SQL SEARCH_PREFIX = '__CB POST /query/service' 
                SEARCH_PATTERN = '"pass":"' MATCH_PATTERN = '"pass":"[^"][^"]*' 
                MASK OUTPUT_FORMAT = '"pass":"******'
        }
GROUP_ID = 100 TYPE = INTEGER SIZE = 1 { 8093 }
}