Redacting data example
The REDACT rule action is similar to redaction in extrusion rules. Use REDACT to replace a matched pattern in SQL statements that are sent from client to server and mask the matched values.
In this example, any13-16 digit number matches the regular expression and is masked by asterisks. The purpose is to mask credit card numbers, which usually meet the criteria.
- Session level criteria: None.
- Rule action: Redact
- Data pattern = (\b(?:\d[ -]*?){13,16}\b)
- Replacement symbol = STAR_SIGN
Notes:- The pattern to mask must be within parentheses ( ).
- The replacement symbol STAR_SIGN is an asterisk (*).
SR language example
SR_POLICIES
{
IF (*)
{
REDACT MATCH_PATTERN = '(\b(?:\d[ -]*?){13,16}\b)' REPLACEMENT_SYMBOL = STAR_SIGN
}
}