Forum Discussion

royceking_18057's avatar
May 06, 2015

ASM Sensitive Parameter Import?

I have around 4k sensitive parameters that need to be masked. The list is constantly updated. Does ASM have a way to import a large list of parameter names into the sensitive parameters list?

 

Right now these parameters are showing up in the request logs. If I could turn off the post payload logging it would solve the problem as well.

 

4 Replies

  • R_Marc's avatar
    R_Marc
    Icon for Nimbostratus rankNimbostratus

    I think if you create a custom profile and just don't include "request" it should get rid of post data.

     

  • I actually am not sure if it is the request log or the event log. I get there by going to Security > Application Security > Policy Building > Manual Traffic learning. Then I click on one of the Traffic Learning violations, like "Attack signature detected". This then shows all the signature violations. I choose one and click the number under "Recent incidents" which brings up a pop up with all the violations for that signature. When clicking on one of the URLs that is shown in violation, and going to "Full Request" the post payload is displayed in the window. That is where the sensitive parameters are exposed.

     

    How do I mask those without having to enter each parameter?

     

  • Not logging requests is not really an option as you will be willingly stopping any ability to audit and investigate issues, also potentially breaking regulatory requirements.

    I am surprised you actually have 4000 uniquely named sensitive parameters in your application, is it some sort of a medical/health form ?

    Remember that first of all if these parameters are form variables they might all have a common prefix (e.g. if your parameter is called "frmHealth_NumberOfHospitalAdmisonsInLast3Years" and all others start from "frmHealth_" you can just create a Wildcard sensitive parameter "frmHealth_*" and that will do the job - easy!

    However, if all your sensitive parameters have unique names with no common pattern and cannot be grouped together using a wildcard then you will indeed need create them in the policy individually. It is tricky and requires some work with text editors/Excel/ but it can be done.

    Here is how you can import them:

    • first of all Export your ASM policy as XML (do not tick the Compact Format)
    • obtain the full list of your sensitive parameters (e.g. in text or Excel format)
    • open the exported XML policy file using a goot text editor, for example Notepad++
    • find the section named "sensitive_parameters" - you will see that your existing sensitive parameters are in this format:

      ``` `password `

    • prepare your parameters to be imported to be in the same format (e.g using Excel and concat command), so each parameter you need to import looks like this:

      **mySensitiveParameterNameHere**

    • copy paste your list of parameters in the above XML format into the XML policy document just after the last

      tag

    • import the XML policy back into ASM

    • Done!

    Hope this helps,

    Sam

  • Sam,

     

    This is exactly what I needed to know. We are a Tax company so pleasing 50 states and the Federal governments requires a lot of parameters. Knowing that I can use a wild card is going to help a lot. I believe doing a SSN or SSN* will cover a lot of the parameters.

     

    The XML import trick looks like something I might have to do too. I will test it out and let you know how it goes.

     

    Thanks for the help. It is always interesting when support just tells you you can't do it and then someone in the community understands what is going on and knows a solution.

     

    Cheers

     

    Royce