Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Scrubbing PII from Logs in LogStash

Ayush Priya
November 16, 2021
Technology
0
690

Scrubbing PII from Logs in LogStash

ElasticSearch, LogStash and Kibana together create one of the most popular log ingestion and indexing solution. However, the logs being indexed and made available can potentially contain sensitive information such as PII. The talk will explain how to setup masking for such sensitive information(s) present in the logs in LogStash. This would enable any principal who wants to look at the logs to be able to do so while protecting leakage and misuse of sensitive information.

As an example case study, the participants will be shown how to setup filters in LogStash to mask data in the log conditionally based on whether the sensitive field is present in the particluar log entry or not.

Ayush Priya

November 16, 2021
Tweet

More Decks by Ayush Priya

See All by Ayush Priya
Introduction to Fuzzing with AFL
ayushpriya10
0
20
Introduction to Deserialization Attacks
ayushpriya10
2
600
Web Assembly for Hackers
ayushpriya10
0
28

Other Decks in Technology

See All in Technology
Data and AI Governance: Existing Challenges and Emerging Trends
scotthsieh825
0
140
Oracle Exadata Database Service on Cloud@Customer (ExaDB-C@C) - UI スクリーン・キャプチャ集
oracle4engineer
PRO
1
1.1k
Discord とビルダー&チャットボットの使い方 / How to use Discord and Builder & Chatbots
ks91
PRO
0
130
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
120
日本におけるデータエンジニアリングのこれまでとこれから
foursue
9
2k
Amplify Gen2を 拡張してみよう JAWS-UG北陸新幹線 ( 福井開催 ) 2024-04-06/Let's extend Amplify Gen2
fossamagna
0
280
Janus
bkuhlmann
0
480
Signals Unleashed: The Full Guide
rainerhahnekamp
0
350
Postman v10リリース後を振り返る
nagix
0
120
小さな開発会社がWebサービスを作る理由
polidog
PRO
0
130
Databricksを活用してDELISH KITCHENのレシピレコメンドを開発した話
furu8
0
250
Microsoft Cloudで 開発ライフサイクルを保護する
kkamegawa
0
140

Featured

See All Featured
Mobile First: as difficult as doing things right
swwweet
216
8.6k
The Cult of Friendly URLs
andyhume
73
5.7k
Six Lessons from altMBA
skipperchong
19
3k
Atom: Resistance is Futile
akmur
258
25k
RailsConf 2023
tenderlove
1
530
What’s in a name? Adding method to the madness
productmarketing
PRO
15
2.6k
StorybookのUI Testing Handbookを読んだ
zakiyama
10
4.6k
For a Future-Friendly Web
brad_frost
171
8.9k
What's new in Ruby 2.0
geeforr
336
31k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
658
120k
Ruby is Unlike a Banana
tanoku
95
10k
Fashionably flexible responsive web design (full day workshop)
malarkey
397
65k

Transcript

  1. Masking Sensitive Data in Logs with LogStash Ayush (@ayushpriya10), DevSecOps

    Engineer at Appsecco

  2. • What is Sensitive Information? • Problem Statement • Proposed

    Solution • Demonstration • Impact • Probable Questions • Conclusion Contents

  3. • Not just passwords and credentials • Personally Identifiable Information/Context

    Dependent Information What is Sensitive Information?

  4. • Removing PII from Logs for a B2C Internet Unicorn

    • Why do we want to remove PII from Logs? Problem Statement

  5. • Data Masking • What is LogStash? • LogStash Configuration

    • Input • Filter • Output Proposed Solution

  6. LogStash Configuration

  7. Demonstration

  8. Result

  9. • No refactoring required • Can be extended to other

    applications in the ecosystem • Enabled Dev teams to do their jobs while the problem was solved Impact of the Solution

  10. • Why would we log Sensitive Information? • The original

    logs still have the PII, how does the solution solves the problem for the original logs? Probable Questions

  11. • Information can become sensitive based on the context •

    LogStash allows us to Mutate/Filter logs before being sent to ElasticSearch • The solution enabled Developers to continue their work while ensuring privacy • The aim is to not be a blocker for other teams when solving for security issues Conclusion

  12. Thank You! Ayush ([email protected]), DevSecOps Engineer at Appsecco Twitter: @ayushpriya10

    LinkedIn: https://www.linkedin.com/in/ayushpriya10/