Is there a way to filter sensitive fields, such as JSON Web Tokens (JWT) and passwords, out of incoming logs in Panther?
When using a custom log source schema, you can use the mask transformation to conceal sensitive information in your logs. Read more about it in the Custom Log Transformations documentation.
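A sketch of how the mask transformation can look in a custom schema, added here as an illustration and not taken from Panther's own documentation. The field names and the salt are constructed, and the `mask` keys (`type`, `salt`, `to`) are written from memory of the schema syntax, so confirm them against the Custom Log Transformations documentation before use.

```yaml
# Constructed example schema fields for an application auth log.
fields:
  - name: username
    type: string

  # Passwords have no analytic value: replace the value outright.
  - name: password
    type: string
    mask:
      type: redact
      to: "REDACTED"

  # Hashing a token keeps it correlatable across events (same token,
  # same hash) without storing the usable value in the parsed event.
  - name: jwt
    type: string
    mask:
      type: sha256
      salt: REPLACE_WITH_RANDOM_SALT   # placeholder, not a real value
```

Prefer redaction over hashing for low-entropy secrets such as passwords, since a hash of a guessable value can be recovered offline by anyone who learns the salt.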
It is also possible to exclude sensitive fields from your schema YAML (note that field discovery should be disabled). This way, your payload is not stored in its entirety, but note the following caveats:
If there are classification errors, Panther will store the full payload. There is no option to delete it.
We store raw data in our archive for 90 days, so omitting the fields from a schema won't entirely work if you don't want any sensitive fields stored anywhere in your Panther instance.