Creating a data obfuscation profile

IBM QRadar uses data obfuscation profiles to determine which data to mask, and to ensure that the correct keystore is used to unmask the data.

About this task

You can create a profile that creates a new keystore or you can use an existing keystore. If you create a keystore, it must be downloaded and stored in a secure location. Remove the keystore from the local system and store it in a location that can be accessed only by users who are authorized to view the unmasked data.

Configuring profiles that use different keystores is useful when you want to limit data access to different groups of users. For example, create two profiles that use different keystores when you want one group of users to see user names and another group of users to see host names.

Procedure

  1. On the navigation menu ( Navigation menu icon ), click Admin.
  2. In the Data Sources section, click Data Obfuscation Management.
  3. To create a new profile, click Add and type a unique name and description for the profile.
  4. To create a new keystore for the profile, complete these steps:
    1. Click System generate keystore.
    2. In the Provider list box, select IBMJCE.
    3. In the Algorithm list box, select JCE and select whether to generate 512-bit or 1024-bit encryption keys.
      In the Keystore Certificate CN box, the fully qualified domain name for the QRadar server is auto-populated.
    4. In the Keystore password box, enter the keystore password.
      The keystore password is required to protect the integrity of the keystore. The password must be at least 8 characters in length.
    5. In the Verify keystore password, retype the password.
  5. To use an existing keystore with the profile, complete these steps:
    1. Click Upload keystore.
    2. Click Browse and select the keystore file.
    3. In the Keystore password box, type the password for the keystore.
  6. Click Submit.
  7. Download the keystore.
    Remove the keystore from your system and store it in a secure location.

What to do next

Create the data obfuscation expressions that target the data that you want to hide.