IBM
QRadar uses data
obfuscation profiles to determine which data to mask, and to ensure that the correct keystore is
used to unmask the data.
About this task
You can create a profile that creates a new keystore or you can use an existing keystore. If you
create a keystore, it must be downloaded and stored in a secure location. Remove the keystore from
the local system and store it in a location that can be accessed only by users who are authorized to
view the unmasked data.
Configuring profiles that use different keystores is useful when you want to limit data access to
different groups of users. For example, create two profiles that use different keystores when you
want one group of users to see user names and another group of users to see host names.
Procedure
-
On
the navigation menu (
), click
Admin.
-
In the Data Sources section, click Data Obfuscation
Management.
-
To create a new profile, click Add and type a unique name and
description for the profile.
-
To create a new keystore for the profile, complete these steps:
-
Click System generate keystore.
-
In the Provider list box, select IBMJCE.
-
In the Algorithm list box, select JCE and select
whether to generate 512-bit or 1024-bit encryption keys.
In the Keystore Certificate CN box, the fully qualified domain
name for the QRadar server is
auto-populated.
-
In the Keystore password box, enter the keystore password.
The keystore password is required to protect the integrity of the keystore. The password must
be at least 8 characters in length.
-
In the Verify keystore password, retype the password.
-
To use an existing keystore with the profile, complete these steps:
-
Click Upload keystore.
-
Click Browse and select the keystore file.
-
In the Keystore password box, type the password for the keystore.
-
Click Submit.
-
Download the keystore.
Remove the keystore from your system and store it in a secure location.
What to do next
Create the data obfuscation expressions that target the data that you want to hide.