How to mask card number of xml message

Hello the requirement is we need to mask the cardnumber of xml message

our input message looks like :

message :
image

output message expected

image

Elasticsearch doesn't provide any functionality to mask or obfuscate a single line of your payload. However, there are few options to secure whole payload field itself, not sure how much of interest that will be for you.
The options, however, include field level security, pseudonimization and or a combination of both.
If you still want to mask a particular line in your event, you are in for a tedious ingest pipeline scripting.

You might be able to use a runtime field here, in combination with field level security to show an masked output without needing to alter data, but...

  1. runtime fields have overhead so this might not be ideal
  2. I'm not 100% sure runtime fields work with field level security
    • I'd assume so, but I've never tested it

Very big but:

  1. There are very few legitimate reasons you should be sorting raw credit card data in the first place. There are a lot of standards/policies/regulations around this data. You should be asking yourself if your use-case really needs to store the full raw credit card number in the first place. And if it really does need to, you should be really sure you're doing it correctly.
1 Like

If you are parsing your XML message and have the cardNumber in a field, it is pretty easy to anonymize it, but how you do that depends on how you are parsing your message, if you are using Logstash or not for example.

If you are not parsing your XML message and have the entire XML data on a field, you may be able to anonymize it before ingesting if you are using Logstash or maybe if you are using a ingest pipeline.

The anonymization of the data needs to be done before ingesting.

How are you ingesting your data?

2 Likes

Dear Ayush,

Only need to mask card number value not the element

@Anil0110 in that case, as I commented earlier and @leandrojmp has suggested, you can use ingest pipeline to obfuscate the data if you whole XML is residing in a separate field, generally named as "payload". You can then call this pipeline from filebeat based on condition that your "payload contains cardNumber".