How can i HASH or encrypt a field value in ArcSight Flex Connector?
I have a syslog parser with very important information like PIN and PAN Credit card Number. is there anybody have an experience for change clear integer number in a field to encrypted value with unique formulla ?
for example i have a Credit card number that i dont want to pars excact integer card number for indexing in ArcSight ESM.
Re: How can i HASH or encrypt a field value in ArcSight Flex Connector?
To ensure that the data cannot be reversed if for example a key is leaked, it should be done using one way hashes, that means you can still provide usercases and monitoring, without knowing the original value, and ensuring they cannot be reversed through the means of using your leaked key. This does not taking things like hash collisions into consideration, or rainbow tables.
I am unaware of anything like this built into the connector, and i double checked the available Operations in the flexconnector dev guide to find a operation to create hashes (at least md5), though nothing was found.
If you do not need these fields at all, so hashing is not needed, then you just replace the data with nothing, or with "****" and problem solved 🙂
Maybe someone else have a good idea?
Too be honest, from a compliancy point of view, this data should be hashed BEFORE they are sent to the connector, so by the application itself, and if the data is not needed, should not be included in the logging either.
ArcSight does offer encryption using SecureData, which is configured during the installation of the connector under global parameters called "Format Preserving Encryption", though i do not have any experience with that product, so i would not be able to provide more information on it.
All topics and replies made is based on my personal opinion, viewpoint and experience, it does not represent the viewpoints of MicroFocus.
All replies is based on best effort, and can not be taken as official support replies.