Extrusion actions

Use the REDACT and GET_SERVER_DATA actions to manage sensitive data.

Available extrusion actions:
  • REDACT
  • GET_SERVER_DATA

REDACT

The REDACT action requires log record affected and inspect return data to be enabled for the inspection engine. It is executed on analyzer level of sniffer processing and can prevent execution of the first SQL statement without redaction being applied with the firewall mode activated.

Attention: The REDACT action alters raw packets. Using broad regular expressions can inadvertently modify internal data structures sent by the server, potentially causing session disruptions. To avoid these issues, be sure to use precise regular expressions that avoid false positives. In addition, if patterns are spread across two physical network packets or their fragments, REDACT operations might be skipped, because S-TAP does not assemble these packets.

For more information about using REDACT, including additional restrictions, see Redact in Logging or ignoring rule actions.

Note:
  • Write the part of the pattern that you want to mask in parentheses.

GET_SERVER_DATA

The Runtime Sensitive Object Identification policy uses the GET_SERVER_DATA action to retrieve and process sensitive data. This action is available only for use with the Runtime Sensitive Object Identification policy.