docs.cribl.io Open in urlscan Pro
18.66.97.39  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Skip to main content
StreamEdge
APIQ&ACommunity

Stream
3.5
 * 3.5
 * 3.4
 * 3.3
 * 3.2.2
 * 3.2.1
 * 3.2
 * 3.1.3
 * 3.1
 * 3.0.4
 * 3.0
 * 2.4

DocsRelease Notes
🌜
🌞

 * Introduction
   * Welcome
   * About Cribl Stream
   * Basic Concepts
   * QuickConnect
   * Getting Started Guide
   * Distributed Quick Start
 * Cribl.Cloud
   * Launch Guide
 * Deploying Cribl Stream Software
 * Administering
 * Working With Data
 * Functions
 * Sources
 * Destinations
 * Knowledge
 * Reference
 * Techniques & Tips
   * Tips and Tricks
   * Integrating with Other Services
   * Lookup Applications
   * Sampling Applications
   * Using Other Functions
     * Code Function Examples
     * Ingest-time Fields
     * Masking and Obfuscation
     * Reducing Windows XML Events
     * Regex Filtering
   * Using Collectors
   * Securing Cribl Stream
 * Setup Guides
 * Videos
 * Troubleshooting
 * Third-Party Software

Version: 3.5
On this page


MASKING AND OBFUSCATION


MASKING AND ANONYMIZATION OF DATA IN MOTION

To mask patterns in real time, we use the out-of-the-box Mask Function . This is
similar to sed, but with much more powerful functionality.


MASKING CAPABILITIES

The Mask Function accepts multiple replacement rules, and accepts multiple
fields to apply them to.

Match Regex is a JS regex pattern that describes the content to be replaced. It
can optionally contain matching groups. By default, it will stop after the first
match, but using /g will make the Function replace all matches.

Replace Expression is a JS expression or literal to replace matched content.

Matching groups can be referenced in the Replace Expression as g1, g2... gN, and
the entire match as g0.

There are several masking methods that are available under C.Mask.:

C.Mask.random: Generates a random alphanumeric string C.Mask.repeat: Generates a
repeating char/string pattern, e.g., XXXX C.Mask.REDACTED: The literal
'REDACTED' C.Mask.md5: Generates a MD5 hash of given value C.Mask.sha1:
Generates a SHA1 hash of given value C.Mask.sha256: Generates a SHA256 hash of
given value

Almost all methods have an optional len parameter which can be used to control
the length of the replacement. len can be either a number or string. If it's a
string, its length will be used. For example:


Defining the replacement length


MASKING EXAMPLES

Let's look at the various ways that we can mask a string like this one:
cardNumber=214992458870391. The Regex Match we'll use is: /(cardNumber=)(\d+)/g.
In this example:

 * g0 = cardNumber=214992458870391
 * g1 = cardNumber=
 * g2 = 214992458870391


RANDOM MASKING WITH DEFAULT CHARACTER LENGTH (4):

 * Replace Expression: `${g1}${C.Mask.random()}`
 * Result: cardNumber=HRhc


RANDOM MASKING WITH DEFINED CHARACTER LENGTH:

 * Replace Expression: `${g1}${C.Mask.random(7)}`
 * Result: cardNumber=neNSm8r


RANDOM MASKING WITH LENGTH PRESERVING REPLACEMENT:

 * Replace Expression: `${g1}${C.Mask.random(g2)}`
 * Result: cardNumber=DroJ73qmyaro51u3


REPEAT MASKING WITH DEFAULT CHARACTER LENGTH (4):

 * Replace Expression: `${g1}${C.Mask.repeat()}`
 * Result: Result: cardNumber=XXXX


REPEAT MASKING WITH DEFINED CHARACTER CHOICE AND LENGTH:

 * Replace Expression: `${g1}${C.Mask.repeat(6, 'Y')}`
 * Result: cardNumber=YYYYYY


REPEAT MASKING WITH LENGTH PRESERVING REPLACEMENT:

 * Replace Expression: `${g1}${C.Mask.repeat(g2)}`
 * Result: cardNumber=XXXXXXXXXXXXXXX


LITERAL REDACTED MASKING:

 * Replace Expression: `${g1}${C.Mask.REDACTED}`
 * Result: cardNumber=REDACTED


HASH MASKING (APPLIES TO: MD5, SHA1 AND SHA256):

 * Replace Expression: `${g1}${C.Mask.md5(g2)}`
 * Result: cardNumber=f5952ec7e6da54579e6d76feb7b0d01f


HASH MASKING WITH LEFT N-LENGTH* SUBSTRING (APPLIES TO: MD5, SHA1 AND SHA256):

 * Replace Expression: `${g1}${C.Mask.md5(g2, 12)}`
 * Result: cardNumber=d65a3ddb2749*Replacement length will not exceed that of
   the hash algorithm output; MD5: 32 chars, SHA1: 40 chars, SHA256: 64 chars.


HASH MASKING WITH RIGHT N-LENGTH* SUBSTRING (APPLIES TO: MD5, SHA1 AND SHA256):

 * Replace Expression: `${g1}${C.Mask.md5(g2, -12)}`
 * Result: cardNumber= 933bfcebf992 *Replacement length will not exceed that of
   the hash algorithm output; MD5: 32 chars, SHA1: 40 chars, SHA256: 64 chars.


HASH MASKING WITH LENGTH* PRESERVING REPLACEMENT (APPLIES TO: MD5, SHA1 AND
SHA256):

 * Replace Expression: `${g1}${C.Mask.md5(g2, g2)}`
 * Result: cardNumber= d65a3ddb27493f5 *Replacement length will not exceed that
   of the hash algorithm output; MD5: 32 chars, SHA1: 40 chars, SHA256: 64
   chars.

Previous
« Ingest-time Fields
Next
Reducing Windows XML Events »
 * Masking and Anonymization of Data in Motion
 * Masking Capabilities
 * Masking Examples
   * Random Masking with default character length (4):
   * Random Masking with defined character length:
   * Random Masking with length preserving replacement:
   * Repeat Masking with default character length (4):
   * Repeat Masking with defined character choice and length:
   * Repeat Masking with length preserving replacement:
   * Literal REDACTED masking:
   * Hash Masking (applies to: md5, sha1 and sha256):
   * Hash Masking with left N-length* substring (applies to: md5, sha1 and
     sha256):
   * Hash Masking with right N-length* substring (applies to: md5, sha1 and
     sha256):
   * Hash Masking with length* preserving replacement (applies to: md5, sha1 and
     sha256):

Copyright © 2017–2022 Cribl, Inc.



We use cookies to make Cribl’s website a better place. Cookies help to provide a
more personalized experience for you, and web analytics for us. To learn more,
and to see a full list of cookies we use, check out ourPrivacy Policy (sorry,
there is no cake).

OK
Cookies Settings




PRIVACY PREFERENCE CENTER

When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
Allow All


MANAGE CONSENT PREFERENCES

STRICTLY NECESSARY COOKIES

Always Active

These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to block
or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.

PERFORMANCE COOKIES

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.

FUNCTIONAL COOKIES

Functional Cookies

These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.

TARGETING COOKIES

Targeting Cookies

These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.

Back Button


PERFORMANCE COOKIES



Search Icon
Filter Icon

Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
Switch Label label
Switch Label label
Switch Label label

Reject All Confirm My Choices