Query masking examples
Analyzer query masking can be useful when used with non-relational databases such as MongoDB or Cassandra. or protocol frameworks such as the Google protocol buffer or Apache Thrift. The following examples show how to mask unencrypted data in non-relational databases.
Example 1: Mask an unencrypted password from Cassandra.
- Session level criteria:
- Server IP address = 20.20.20.20
- Database type = CASSANDRA
- Rule action = TRANSFORM STATEMENT
- Source = STATEMENT
- Request type = RPC
- Search prefix = login
- Search pattern = password
- Match pattern = \x27\w+\x27\x7D\x7D\x29$
- Mask = True
- Output format = \x27\x2A\x2A\x2A\x27\x7D\x7D\x7D\x29
Example 2 : Mask the user credentials for a CouchBase REST query.
- Session level criteria: Server port
In Group where:
- Group type = Server port
- Members = A list of server ports.
- Rule action = TRANSFORM STATEMENT
- Source = STATEMENT
- Request type = SQL
- Search prefix = __CB POST /query/service
- Search pattern = "pass":"
- Match pattern = "pass":"[^"][^"]*
- Mask = True
- Output format = "pass":"******
SR language examples
Example 1:
SR_POLICIES
{
IF (SERVER_IP = '20.20.20.20' DB_TYPE = 'CASSANDRA' )
{
TRANSFORM_STATEMENT REQ_TYPE = RPC SEARCH_PREFIX = 'login'
SEARCH_PATTERN = 'password' MATCH_PATTERN = '\x27\w+\x27\x7D\x7D\x29$'
MASK OUTPUT_FORMAT = '\x27\x2A\x2A\x2A\x27\x7D\x7D\x7D\x29)'
}
}
Example 2:
SR_POLICIES
{
IF (SERVER_PORT = (8091,100) )
{
TRANSFORM_STATEMENT REQ_TYPE = SQL SEARCH_PREFIX = '__CB POST /query/service'
SEARCH_PATTERN = '"pass":"' MATCH_PATTERN = '"pass":"[^"][^"]*'
MASK OUTPUT_FORMAT = '"pass":"******'
}
GROUP_ID = 100 TYPE = INTEGER SIZE = 1 { 8093 }
}