Scrubbing PII from Logs in LogStash

Transcript

1. Masking Sensitive Data in Logs with LogStash Ayush (@ayushpriya10), DevSecOps

   Engineer at Appsecco

2. • What is Sensitive Information? • Problem Statement • Proposed

   Solution • Demonstration • Impact • Probable Questions • Conclusion Contents

3. • Not just passwords and credentials • Personally Identifiable Information/Context

   Dependent Information What is Sensitive Information?

4. • Removing PII from Logs for a B2C Internet Unicorn

   • Why do we want to remove PII from Logs? Problem Statement

5. • Data Masking • What is LogStash? • LogStash Configuration

   • Input • Filter • Output Proposed Solution

6. LogStash Configuration

7. Demonstration

8. Result

9. • No refactoring required • Can be extended to other

   applications in the ecosystem • Enabled Dev teams to do their jobs while the problem was solved Impact of the Solution

10. • Why would we log Sensitive Information? • The original

    logs still have the PII, how does the solution solves the problem for the original logs? Probable Questions

11. • Information can become sensitive based on the context •

    LogStash allows us to Mutate/Filter logs before being sent to ElasticSearch • The solution enabled Developers to continue their work while ensuring privacy • The aim is to not be a blocker for other teams when solving for security issues Conclusion

12. Thank You! Ayush ([email protected]), DevSecOps Engineer at Appsecco Twitter: @ayushpriya10

    LinkedIn: https://www.linkedin.com/in/ayushpriya10/