Extrusion actions
Use the REDACT and GET_SERVER_DATA actions to manage sensitive data.
Available extrusion actions:
- REDACT
- GET_SERVER_DATA
REDACT
The REDACT action requires log record affected and inspect return data to be enabled for the inspection engine. It is executed on analyzer level of sniffer processing and can prevent execution of the first SQL statement without redaction being applied with the firewall mode activated.
Attention: The REDACT action alters raw packets. Using broad regular expressions can
inadvertently modify internal data structures sent by the server, potentially causing session
disruptions. To avoid these issues, be sure to use precise regular expressions that avoid false
positives. In addition, if patterns are spread across two physical network packets or their
fragments, REDACT operations might be skipped, because S-TAP does not assemble these packets.
For more information about using REDACT, including additional restrictions, see Redact in Logging or ignoring rule actions.
Note:
- Write the part of the pattern that you want to mask in parentheses.
GET_SERVER_DATA
The Runtime Sensitive Object Identification policy uses the GET_SERVER_DATA action to retrieve and process sensitive data. This action is available only for use with the Runtime Sensitive Object Identification policy.