This documentation and the Cisco Observability Platform functionalities it describes are subject to change. Data saved on the platform may disappear and APIs may change without notice.

logs:dataMaskingRuleV1

Description

Note: This object is not currently usable. Instead, you must define masking rules through the user interface.

Syntax

{
  "uniqueName": "<string>",
  "displayName": "<string>",
  "description": "<string>",
  "ruleScope": "<string>",
  "maskingExpressions": "<array>",
  "maskingOperation": "<string>",
  "replaceString": "<string>",
  "isEnabled": "<boolean>"
}

Attributes

Attribute	Description
`uniqueName`	Required. Name of the masking rule. Can contain only alphanumeric characters, underscores, hyphens, or periods. Maximum of 128 characters. Must be unique within a solution or tenant.
`displayName`	Required. Name of the masking rule as it appears in the user interface. Maximum of 64 characters.
`description`	Description of the masking rule. Maximum of 512 characters.
`ruleScope`	Required. Specifies the matching criteria that this rule must meet to be applied to a log message. Criteria must be a valid log attribute. Maximum of 2048 characters. Syntax: `"attribute(<attribute-name>) = <attribute-value>"` where can be unquoted, enclosed in single quotes (''), or enclosed in double quotes (""). Example: `"attribute(k8s.namespace.name) = 'bofa-23-08'"`.
`maskingExpressions`	Required. Array of masking expression IDs to use with this rule. Maximum of 512 characters. An expression ID can be in either the format of `<tenantID>:<ID of the fmm:dataMaskingExpression object>` or `<solutionID>:<name of the fmm:dataMaskingExpression object>`. For example, `maskingExpressions: ["<id7>", "<id15>"]`
`maskingOperation`	Type of masking operation to replace identified sensitive data. Valid values: `MASK_WITH_STRING`,`MASK_WITH_X`. If you set this to `MASK_WITH_STRING`, you must also set `replaceString`.
`replaceString`	The string you want to replace matching data with. You only need to specify this if you set `maskingOperation` to `MASK_WITH_STRING`.
`isEnabled`	Required. Enables or disables the rule. Valid values: `true` (enable), `false` (disable).

Example

{
    "isEnabled": true,
    "ruleScope": "attributes(container.name) = \"appd2\"",
    "uniqueName": "datasec-example-mastercard-2",
    "description": "Mask MasterCard Credit Card",
    "displayName": "Mask_MasterCard_and_Email_using_container_name",
    "replaceString": "******",
    "maskingOperation": "MASK_WITH_STRING",
    "maskingExpressions": [
        "55f8da9d-93de-4bf2-b818-c2c2ac1d3f8d:email_exp_demo",
        "55f8da9d-93de-4bf2-b818-c2c2ac1d3f8d:ccn_masking_expr_1"
    ]
}