Can Panther filter sensitive fields such as passwords out of incoming logs?

Last updated
Save as PDF

QUESTION

Is there a way to filter sensitive fields, such as JSON Web Tokens (JWT) and passwords, out of incoming logs in Panther?

ANSWER

When using a custom log source schema, you can use the mask transformation to conceal sensitive information in your logs. Read more about it in the Custom Log Transformations documentation.

It is also possible to exclude sensitive fields from your schema YAML (note that field discovery should be disabled). This will allow your payload not to be entirely stored, but note the following caveats:

If there are classification errors, Panther will store the full payload. There is not an option to delete that.
We store raw data in our archive for 90 days, so omitting the fields from a schema won't entirely work if you don't want any sensitive fields stored anywhere in your Panther instance.