Data obfuscation expressions

Data obfuscation expressions identify the data to hide. You can create data obfuscation expressions that are based on field-based properties or you can use regular expressions.

Field-based properties

Use a field-based property to hide user names, group names, host names, and NetBIOS names. Expressions that use field-based properties obfuscate all instances of the data string. The data is hidden regardless of its log source, log source type, event name, or event category.

If the same data value exists in more than one of the fields, the data is obfuscated in all fields that contain the data even if you configured the profile to obfuscate only one of the four fields. For example, if you have a host name that is called IBMHost and a group name that is called IBMHost, the value IBMHost is obfuscated in both the host name field and the group name field even if the data obfuscation profile is configured to obfuscate only host names.

Regular expressions

Use a regular expression to obfuscate one data string in the payload. The data is hidden only if it matches the log source, log source type, event name, or category that is defined in the expression.

You can use high-level and low-level categories to create a regular expression that is more specific than a field-based property. For example, you can use the following regex patterns to parse user names:

Table 1. Regex user name parsing

Regex pattern: usrName=([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,20})$
Matches: john_smith@EXAMPLE.com, jon@example.com, jon@us.example.com

Regex pattern: usrName=(^([\w]+[^\W])([^\W]\.?)([\w]+[^\W]$))
Matches: john.smith, John.Smith, john, jon_smith

Regex pattern: usrName=^([a-zA-Z])[a-zA-Z_-]*[\w_-]*[\S]$|^([a-zA-Z])[0-9_-]*[\S]$|^[a-zA-Z]*[\S]$
Matches: johnsmith, Johnsmith123, john_smith123, john123_smith, john-smith

Regex pattern: usrName=(\S+)
Matches: any non-white space after the equal sign (=). This regular expression is non-specific and can lead to system performance issues.

Regex pattern: msg=([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z]))*@\b(([01]?\d?\d|2[0-4]\d|25[0-5])\.){3}([01]?\d?\d|2[0-4]\d|25[0-5])\b
Matches: users with IP address. For example, john.smith@192.0.2.0

Regex pattern: src=\b(([01]?\d?\d|2[0-4]\d|25[0-5])\.){3}([01]?\d?\d|2[0-4]\d|25[0-5])\b
Matches: IP address formats.

Regex pattern: host=^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$
Matches: hostname.example.com, hostname.co.uk
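
One way to check which payloads an expression leaves exposed before you rely on it, as an added example that is not from the product documentation. It assumes the expression is searched for anywhere in the payload and that capture group 1 is the value that is hidden; the sample payloads, the mask string, and the function names are constructed for illustration.

```python
import re

# Two of the usrName patterns from Table 1 on this page.
EMAIL_USER = (r"usrName=([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@"
              r"([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,20})$")
ANY_USER = r"usrName=(\S+)"

MASK = "****"  # constructed stand-in, not the product's output format

# Constructed sample payloads (not real log data).
SAMPLES = [
    "action=login src=192.0.2.10 usrName=jon@us.example.com",
    "usrName=jon@us.example.com action=login src=192.0.2.10",
    "action=login src=192.0.2.10 usrName=john.smith",
]

def obfuscate(pattern, payload):
    """Return payload with each capture-group-1 match replaced by MASK.

    Assumption: group 1 is the value to hide (hypothetical helper).
    """
    out, last = [], 0
    for m in re.finditer(pattern, payload):
        start, end = m.span(1)
        if start < 0:          # group 1 did not take part in this match
            continue
        out += [payload[last:start], MASK]
        last = end
    out.append(payload[last:])
    return "".join(out)

def unprotected(pattern, payloads):
    """Return the payloads that the expression leaves unchanged."""
    return [p for p in payloads if obfuscate(pattern, p) == p]

if __name__ == "__main__":
    for name, pat in (("EMAIL_USER", EMAIL_USER), ("ANY_USER", ANY_USER)):
        print(name)
        for p in SAMPLES:
            print("   ", obfuscate(pat, p))
        print("    left visible:", len(unprotected(pat, SAMPLES)))
```

The e-mail pattern ends in `$`, so it hides the user name only when that field is the last thing in the payload, and it ignores user names that are not e-mail addresses; the non-specific `\S+` pattern covers all three samples.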