Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close

keyboard_arrow_left

Table of Contents Expand all

play_arrow What's New for Administrators
- What's New for Administrators
- New Features and Enhancements in JSA 7.4.2
- New Features and Enhancements in JSA 7.4.1
- New Features and Enhancements in JSA 7.4.0
play_arrow Overview of JSA Administration
- JSA Administration
- Capabilities in Your JSA Product
- Supported Web Browsers
play_arrow User Management
- User Management
- User Roles
- Security Profiles
- User Accounts
- User Authentication
- LDAP Authentication
- SAML Single Sign-on Authentication
play_arrow License Management
- License Management
- Event and Flow Processing Capacity
- Burst Handling
- Uploading a License Key
- Allocating a License Key to a Host
- Distributing Event and Flow Capacity
- Viewing License Details
- Deleting Expired Licenses
- Exporting License Information
play_arrow System Management
- System Management
- System Health Information
- JSA Component Types
- Data Nodes
- Network Interface Management
- JSA System Time
- NAT-Enabled Networks
- Off-site Hosts Management
- Managed Hosts
- Configuration Changes in your JSA Environment
- Deploying Changes
- Restarting the Event Collection Service
- Shutting Down a System
- Restarting a System
- Collecting Log Files
- Changing the Root Password on Your JSA Console
- Resetting SIM
play_arrow JSA Set Up Tasks
- JSA Set Up Tasks
- Network Hierarchy
- Automatic Updates
- Manual Updates
- Configuring System settings
- IF-MAP Server Certificates
- SSL Certificates
- IPv6 Addressing in JSA Deployments
- Advanced Iptables Rules Examples
- Data Retention
- System Notifications
- Custom Offense Close Reasons
- Configuring a Custom Asset Property
- Index Management
- Restrictions to Prevent Resource-intensive Searches
- App Hosts
- Checking the Integrity Of Event and Flow Logs
- Adding Custom Actions
- Managing Aggregated Data Views
- Accessing a GLOBALVIEW Database
play_arrow Event Data Processing in JSA
- Event Data Processing in JSA
- DSM Editor Overview
- Properties in the DSM Editor
- Property Configuration in the DSM Editor
- Opening the DSM Editor
- Configuring a Log Source Type
- Configuring Property Autodetection for Log Source Types
- Configuring Log Source Autodetection for Log Source Types
- Configuring DSM Parameters for Log Source Types
- Custom Log Source Types
- Custom Property Definitions in the DSM Editor
- Event Mapping
- Exporting Contents from the DSM Editor
play_arrow Using Reference Data in JSA
- Using Reference Data in JSA
- Types Of Reference Data Collections
- Reference Sets Overview
- Creating Reference Data Collections by Using the Command Line
- Creating Reference Data Collections with the APIs
- Examples for Using Reference Data Collections
play_arrow User Information Source Configuration
- User Information Source Configuration
- User Information Source Overview
- Configuring the Tivoli Directory Integrator Server
- Creating and Managing User Information Source
- Collecting User Information
play_arrow Juniper Networks X-Force Integration
- Juniper Networks X-Force Integration
- Enabling the X-Force Threat Intelligence Feed
- Updating X-Force Data in a Proxy Server
- Preventing X-Force Data from Downloading Locally
- IBM QRadar Security Threat Monitoring Content Extension
- Juniper X-Force Exchange Plug-in for JSA
play_arrow Managing Authorized Services
- Managing Authorized Services
- Viewing Authorized Services
- Adding an Authorized Service
- Revoking Authorized Services
play_arrow Backup and Recovery
- Backup and Recovery
- Backup JSA Configurations and Data
- Manage Existing Backup Archives
- Restore JSA Configurations and Data
- Backup and Restore Applications
- Data Redundancy and Recovery in JSA Deployments
- Backup and Restore the QRadar Analyst Workflow
play_arrow Flow Sources Management
- Flow Sources
- Types of Flow Sources
- Adding or Editing a Flow Source
- Enabling and Disabling a Flow Source
- Deleting a Flow Source
- Flow Source Aliases Management
- Correcting Flow Time Stamps
play_arrow Remote Networks and Services Configuration
- Remote Networks and Services Configuration
- Default Remote Network Groups
- Default Remote Service Groups
- Guidelines for Network Resources
- Managing Remote Networks Objects
- Managing Remote Services Objects
- QID Map Overview
play_arrow Server Discovery
- Server Discovery
- Discovering Servers
play_arrow Domain Segmentation
- Domain Segmentation
- Overlapping IP Addresses
- Domain Definition and Tagging
- Creating Domains
- Creating Domains for VLAN Flows
- Domain Privileges That Are Derived from Security Profiles
- Domain-specific Rules and Offenses
- Example: Domain Privilege Assignments Based on Custom Properties
play_arrow Multitenant Management
- Multitenant Management
- User Roles in a Multitenant Environment
- Domains and Log Sources in Multitenant Environments
- Provisioning a New Tenant
- Monitoring License Usage in Multitenant Deployments
- Rules Management in Multitenant Deployments
- Network Hierarchy Updates in a Multitenant Deployment
- Retention Policies for Tenants
play_arrow Asset Management
- Asset Management
- Sources Of Asset Data
- Incoming Asset Data Workflow
- Updates to Asset Data
- Identification Of Asset Growth Deviations
- Prevention Of Asset Growth Deviations
- Clean Up Asset Data After Growth Deviations
play_arrow Configuring JSA to Forward Data to Other Systems
- Forward Data to Other Systems
- Adding Forwarding Destinations
- Configuring Forwarding Profiles
- Configuring Routing Rules to Forward Data
- Using Custom Rules and Rule Responses to Forward Data
- Configuring Routing Rules to Use the JSA Data Store
- Viewing Forwarding Destinations
- Viewing and Managing Forwarding Destinations
- Viewing and Managing Routing Rules
play_arrow Event Store and Forward
- Event Store and Forward
- Store and Forward Overview
- Viewing the Store and Forward Schedule List
- Creating a Store and Forward Schedule
- Editing a Store and Forward Schedule
- Deleting a Store and Forward Schedule
play_arrow Security Content
- Security Content
- Types Of Security Content
- Methods Of Importing and Exporting Content
- Content Type Identifiers for Exporting Custom Content
- Content Management Script Parameters
play_arrow SNMP Trap Configuration
- SNMP Trap Configuration
- Adding a Custom SNMP Trap to JSA
- Sending SNMP Traps to a Specific Host
play_arrow Protect Sensitive Data
- Sensitive Data Protection
- How Does Data Obfuscation Work?
- Data Obfuscation Profiles
- Data Obfuscation Expressions
- Scenario: Obfuscating User Names
play_arrow Log Files
- Log Files
- Audit Logs
play_arrow Event Categories
- Event Categories
- High-level Event Categories
- Recon
- DoS
- Authentication
- Access
- Exploit
- Malware
- Suspicious Activity
- System
- Policy
- Unknown
- CRE
- Potential Exploit
- Flow
- User Defined
- SIM Audit
- VIS Host Discovery
- Application
- Audit
- Risk
- Risk Manager Audit
- Control
- Asset Profiler
- Sense
play_arrow Common Ports and Servers Used by JSA
- Common Ports and Servers Used by JSA
- JSA Port Usage
- Viewing IMQ Port Associations
- Searching for Ports in Use by JSA
- JSA Public Servers
- Docker Containers and Network Interfaces
play_arrow RESTful API
- RESTful API
- Accessing the Interactive API Documentation Page

list Table of Contents

English

keyboard_arrow_right

Data Obfuscation Profiles

date_range 27-Mar-21

arrow_backward

arrow_forward

The data obfuscation profile contains information about which data to mask. It also tracks the keystore that is required to decrypt the data.

Enabled profiles--Enable a profile only when you are sure that the expressions correctly target the data that you want to obfuscate. If you want to test the regular expression before you enable the data obfuscation profile, you can create a regex-based custom property.

A profile that is enabled immediately begins obfuscating data as defined by the enabled expressions in the profile. The enabled profile is automatically locked. Only the user who has the private key can disable or change the profile after it is enabled.

To ensure that obfuscated data can be traced back to an obfuscation profile, you cannot delete a profile that was enabled, even after you disable it.

Locked profiles-- A profile is automatically locked when you enable it, or you can lock it manually.

A locked profile has the following restrictions:

You cannot edit it.
You cannot enable or disable it. You must provide the keystore and unlock the profile before you can change it.
You cannot delete it, even after it is unlocked.
If a keystore is used with a profile that is locked, all other profiles that use that keystore are automatically locked.

The following table shows examples of profiles that are locked or unlocked:

Table 1: Locked Profile Examples
Scenario	Result
Profile A is locked. It was created by using keystore A. Profile B is also created by using keystore A.	Profile B is automatically locked.
Profile A is created and enabled.	Profile A is automatically locked.
Profile A, Profile B, and Profile C are currently locked. All were created by using keystore A. Profile B is selected and Lock/Unlock is clicked.	Profile A, Profile B, and Profile C are all unlocked.

arrow_backward PREVIOUS How Does Data Obfuscation Work?

NEXT arrow_forward Data Obfuscation Expressions

footer-navigation