Forum Discussion

mauro_59211's avatar
mauro_59211
Icon for Nimbostratus rankNimbostratus
Apr 05, 2011

Mask sensitive data in ASM

Hi all,

 

from theASMmodule, I canmask some data(such as passwords)inlogsthataresenttoanexternalsyslog?

 

 

Thanks

 

m

 

APM
app sec
security

3 Replies

Sort By
  • Mike_Maher's avatar
    Mike_Maher
    Icon for Nimbostratus rankNimbostratus
    Apr 05, 2011
    Depending on what version of the software you are running, when you create a parameter there is a check box to mark it as a sensitive parameter and that will hide the value in the logs

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 05, 2011
    Hi Mauro,

     

     

    Are these parameters in the HTTP request URI or payload that you want to mask? If so, have you configured them as sensitive parameters in the policy? I'm not sure whether ASM supports masking sensitive data outside of parameters though.

     

     

    Aaron
  • mauro_59211's avatar
    mauro_59211
    Icon for Nimbostratus rankNimbostratus
    Apr 05, 2011
    Thanks for your answers,

     

    Use this release:

     

    BIG-IP 10.2.1 Build 297.0 Final,

     

    the parameter are in payload.

     

     

    I thought the field was reported only sensitive to the responses of the web server to the client, and not to the logs, but I read now in the online web help that is also working on the logs :-) I try now its, thanks

     

    mauro