Deobfuscating data so that it can be viewed in the console
When data obfuscation is configured on an IBM® QRadar® system, the masked version of the data is shown throughout the application. You must have both the corresponding keystore and the password to deobfuscate the data so that it can be viewed.
Before you begin
You must be an administrator and have the private key and the password for the key before you can deobfuscate data. The private key must be on your local computer.
About this task
Before you can see the obfuscated data, you must upload the private key. After the key is uploaded, it remains available on the system for the duration of the current session. The session ends when you log out of QRadar, when the cache is cleared on the QRadar Console, or when there is an extended period of inactivity. When the session ends, the private keys that were uploaded in the previous session are no longer visible.
QRadar can use the keys available in the current session to automatically deobfuscate data. With auto-deobfuscation enabled, you do not have to repeatedly select the private key on the Obfuscation Session Key window each time that you want to view the data. Auto-deobfuscate is automatically disabled when the current session ends.