PII data in ingested into the ELK environment

Hello, we are needing to figure out if there's any personally identifiable information stored in our ELK stack, I did see a bunch of articles on finding CC numbers within the environment, but unless I am mistaken, it seems rudimentary and cumbersome. Are there are any native or 3rd party tools that integrate to allow us to custom search for whatever PII information (or PCI etc.) might be stored in the environment?

Thanks in advance, please let me know if more information is needed.

I haven't seen anything for this. Usually you'd do this during ingestion and either tag, mask or remove the data.

Also we’ve renamed ELK to the Elastic Stack, otherwise Beats feels left out :wink:

Thanks for your reply! This is not happening today, I was hoping there would be something that could RESTfully access data from Logstash and parse it for specific data.

And I would never want Beats to feel left out... Sorry!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.