How to mask card number of xml message

Anil0110 · January 11, 2023, 12:42pm

Hello the requirement is we need to mask the cardnumber of xml message

our input message looks like :

message :

output message expected

Ayush_Mathur · January 11, 2023, 4:50pm

Elasticsearch doesn't provide any functionality to mask or obfuscate a single line of your payload. However, there are few options to secure whole payload field itself, not sure how much of interest that will be for you.
The options, however, include field level security, pseudonimization and or a combination of both.
If you still want to mask a particular line in your event, you are in for a tedious ingest pipeline scripting.

BenB196 · January 11, 2023, 10:04pm

You might be able to use a runtime field here, in combination with field level security to show an masked output without needing to alter data, but...

runtime fields have overhead so this might not be ideal
I'm not 100% sure runtime fields work with field level security
- I'd assume so, but I've never tested it

Very big but:

There are very few legitimate reasons you should be sorting raw credit card data in the first place. There are a lot of standards/policies/regulations around this data. You should be asking yourself if your use-case really needs to store the full raw credit card number in the first place. And if it really does need to, you should be really sure you're doing it correctly.

leandrojmp · January 11, 2023, 10:22pm

If you are parsing your XML message and have the cardNumber in a field, it is pretty easy to anonymize it, but how you do that depends on how you are parsing your message, if you are using Logstash or not for example.

If you are not parsing your XML message and have the entire XML data on a field, you may be able to anonymize it before ingesting if you are using Logstash or maybe if you are using a ingest pipeline.

The anonymization of the data needs to be done before ingesting.

How are you ingesting your data?

Anil0110 · January 15, 2023, 7:19am

Dear Ayush,

Only need to mask card number value not the element

Ayush_Mathur · January 16, 2023, 7:19am

@Anil0110 in that case, as I commented earlier and @leandrojmp has suggested, you can use ingest pipeline to obfuscate the data if you whole XML is residing in a separate field, generally named as "payload". You can then call this pipeline from filebeat based on condition that your "payload contains cardNumber".

system · February 13, 2023, 7:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.