Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

close

keyboard_arrow_left

Table of Contents Expand all

play_arrow What's New for Administrators
- What's New for Administrators
- New Features and Enhancements in JSA 7.4.2
- New Features and Enhancements in JSA 7.4.1
- New Features and Enhancements in JSA 7.4.0
play_arrow Overview of JSA Administration
- JSA Administration
- Capabilities in Your JSA Product
- Supported Web Browsers
play_arrow User Management
- User Management
- User Roles
- Security Profiles
- User Accounts
- User Authentication
- LDAP Authentication
- SAML Single Sign-on Authentication
play_arrow License Management
- License Management
- Event and Flow Processing Capacity
- Burst Handling
- Uploading a License Key
- Allocating a License Key to a Host
- Distributing Event and Flow Capacity
- Viewing License Details
- Deleting Expired Licenses
- Exporting License Information
play_arrow System Management
- System Management
- System Health Information
- JSA Component Types
- Data Nodes
- Network Interface Management
- JSA System Time
- NAT-Enabled Networks
- Off-site Hosts Management
- Managed Hosts
- Configuration Changes in your JSA Environment
- Deploying Changes
- Restarting the Event Collection Service
- Shutting Down a System
- Restarting a System
- Collecting Log Files
- Changing the Root Password on Your JSA Console
- Resetting SIM
play_arrow JSA Set Up Tasks
- JSA Set Up Tasks
- Network Hierarchy
- Automatic Updates
- Manual Updates
- Configuring System settings
- IF-MAP Server Certificates
- SSL Certificates
- IPv6 Addressing in JSA Deployments
- Advanced Iptables Rules Examples
- Data Retention
- System Notifications
- Custom Offense Close Reasons
- Configuring a Custom Asset Property
- Index Management
- Restrictions to Prevent Resource-intensive Searches
- App Hosts
- Checking the Integrity Of Event and Flow Logs
- Adding Custom Actions
- Managing Aggregated Data Views
- Accessing a GLOBALVIEW Database
play_arrow Event Data Processing in JSA
- Event Data Processing in JSA
- DSM Editor Overview
- Properties in the DSM Editor
- Property Configuration in the DSM Editor
- Opening the DSM Editor
- Configuring a Log Source Type
- Configuring Property Autodetection for Log Source Types
- Configuring Log Source Autodetection for Log Source Types
- Configuring DSM Parameters for Log Source Types
- Custom Log Source Types
- Custom Property Definitions in the DSM Editor
- Event Mapping
- Exporting Contents from the DSM Editor
play_arrow Using Reference Data in JSA
- Using Reference Data in JSA
- Types Of Reference Data Collections
- Reference Sets Overview
- Creating Reference Data Collections by Using the Command Line
- Creating Reference Data Collections with the APIs
- Examples for Using Reference Data Collections
play_arrow User Information Source Configuration
- User Information Source Configuration
- User Information Source Overview
- Configuring the Tivoli Directory Integrator Server
- Creating and Managing User Information Source
- Collecting User Information
play_arrow Juniper Networks X-Force Integration
- Juniper Networks X-Force Integration
- Enabling the X-Force Threat Intelligence Feed
- Updating X-Force Data in a Proxy Server
- Preventing X-Force Data from Downloading Locally
- IBM QRadar Security Threat Monitoring Content Extension
- Juniper X-Force Exchange Plug-in for JSA
play_arrow Managing Authorized Services
- Managing Authorized Services
- Viewing Authorized Services
- Adding an Authorized Service
- Revoking Authorized Services
play_arrow Backup and Recovery
- Backup and Recovery
- Backup JSA Configurations and Data
- Manage Existing Backup Archives
- Restore JSA Configurations and Data
- Backup and Restore Applications
- Data Redundancy and Recovery in JSA Deployments
- Backup and Restore the QRadar Analyst Workflow
play_arrow Flow Sources Management
- Flow Sources
- Types of Flow Sources
- Adding or Editing a Flow Source
- Enabling and Disabling a Flow Source
- Deleting a Flow Source
- Flow Source Aliases Management
- Correcting Flow Time Stamps
play_arrow Remote Networks and Services Configuration
- Remote Networks and Services Configuration
- Default Remote Network Groups
- Default Remote Service Groups
- Guidelines for Network Resources
- Managing Remote Networks Objects
- Managing Remote Services Objects
- QID Map Overview
play_arrow Server Discovery
- Server Discovery
- Discovering Servers
play_arrow Domain Segmentation
- Domain Segmentation
- Overlapping IP Addresses
- Domain Definition and Tagging
- Creating Domains
- Creating Domains for VLAN Flows
- Domain Privileges That Are Derived from Security Profiles
- Domain-specific Rules and Offenses
- Example: Domain Privilege Assignments Based on Custom Properties
play_arrow Multitenant Management
- Multitenant Management
- User Roles in a Multitenant Environment
- Domains and Log Sources in Multitenant Environments
- Provisioning a New Tenant
- Monitoring License Usage in Multitenant Deployments
- Rules Management in Multitenant Deployments
- Network Hierarchy Updates in a Multitenant Deployment
- Retention Policies for Tenants
play_arrow Asset Management
- Asset Management
- Sources Of Asset Data
- Incoming Asset Data Workflow
- Updates to Asset Data
- Identification Of Asset Growth Deviations
- Prevention Of Asset Growth Deviations
- Clean Up Asset Data After Growth Deviations
play_arrow Configuring JSA to Forward Data to Other Systems
- Forward Data to Other Systems
- Adding Forwarding Destinations
- Configuring Forwarding Profiles
- Configuring Routing Rules to Forward Data
- Using Custom Rules and Rule Responses to Forward Data
- Configuring Routing Rules to Use the JSA Data Store
- Viewing Forwarding Destinations
- Viewing and Managing Forwarding Destinations
- Viewing and Managing Routing Rules
play_arrow Event Store and Forward
- Event Store and Forward
- Store and Forward Overview
- Viewing the Store and Forward Schedule List
- Creating a Store and Forward Schedule
- Editing a Store and Forward Schedule
- Deleting a Store and Forward Schedule
play_arrow Security Content
- Security Content
- Types Of Security Content
- Methods Of Importing and Exporting Content
- Content Type Identifiers for Exporting Custom Content
- Content Management Script Parameters
play_arrow SNMP Trap Configuration
- SNMP Trap Configuration
- Adding a Custom SNMP Trap to JSA
- Sending SNMP Traps to a Specific Host
play_arrow Protect Sensitive Data
- Sensitive Data Protection
- How Does Data Obfuscation Work?
- Data Obfuscation Profiles
- Data Obfuscation Expressions
- Scenario: Obfuscating User Names
play_arrow Log Files
- Log Files
- Audit Logs
play_arrow Event Categories
- Event Categories
- High-level Event Categories
- Recon
- DoS
- Authentication
- Access
- Exploit
- Malware
- Suspicious Activity
- System
- Policy
- Unknown
- CRE
- Potential Exploit
- Flow
- User Defined
- SIM Audit
- VIS Host Discovery
- Application
- Audit
- Risk
- Risk Manager Audit
- Control
- Asset Profiler
- Sense
play_arrow Common Ports and Servers Used by JSA
- Common Ports and Servers Used by JSA
- JSA Port Usage
- Viewing IMQ Port Associations
- Searching for Ports in Use by JSA
- JSA Public Servers
- Docker Containers and Network Interfaces
play_arrow RESTful API
- RESTful API
- Accessing the Interactive API Documentation Page

list Table of Contents

English

keyboard_arrow_right

Sensitive Data Protection

date_range 27-Mar-21

arrow_backward

arrow_forward

Configure a data obfuscation profile to prevent unauthorized access to sensitive or personal identifiable information in JSA.

Data obfuscation is the process of strategically hiding data from JSA users. You can hide custom properties, normalized properties such as user names, or you can hide the content of a payload, such as credit card or social security numbers.

The expressions in the data obfuscation profile are evaluated against the payload and normalized properties. If the data matches the obfuscation expression, the data is hidden in JSA. The data might be hidden to all users, or only to users belonging to particular domains or tenants. Affected users who try to query the database directly cannot see the sensitive data. The data must be reverted to the original form, by uploading the private key that was generated when the data obfuscation profile was created.

To ensure that JSA can still correlate the hidden data values, the obfuscation process is deterministic. It displays the same set of characters each time the data value is found.

arrow_backward PREVIOUS Sending SNMP Traps to a Specific Host

NEXT arrow_forward How Does Data Obfuscation Work?

footer-navigation