Hiding sensitive information with an App Visibility confidentiality policy file
As a security officer working with TrueSight App Visibility Manager, you can define a confidentiality policy to prevent sensitive code-level diagnostics information from leaving the monitored server computer. The confidentiality policy ensures that sensitive information contained in specified methods does not reach the network and is not displayed. In the policy, you identify the methods that contain confidential information and the hiding mode to apply to them.
While processing your application code information, an App Visibility agent evaluates the confidentiality rules in the order in which they appear in the policy. When a match is found, the specified hiding mode is applied and subsequent rules are ignored.
If no match is found, or if no rules are present, no information is hidden.
The following information and procedures enable you to hide sensitive information:
Identifying methods and specifying the hiding mode in confidentiality rules
A confidentiality policy consists of a list of rules. For each rule, you specify a unique rule name, a hiding mode, and one or more method identifiers that determine which methods the rule applies to.
Specifying a hiding mode
A confidentiality policy rule includes a hiding mode, which is the value of the hide parameter in the rule. Use one of the following values to determine the hiding mode:
- CALLS removes the entire method call or calls from all code-level diagnostics, including the method names and the details.
- DETAILS removes the method parameters, return values, and other extracted information. The method call or calls are still displayed in the code-level diagnostics.
With either hiding mode, confidential information is not displayed in errors or exceptions if a stack trace is recorded.
Identifying one or more methods
When you create or edit a confidentiality policy rule, you must identify the code you want to be concealed. If your application code matches the identifier value or values, the rule is applied.
To identify the method or methods, specify one or more of the following parameter values:
- module: Module name (App Visibility agent for .NET only)
- class: Class name
- method: Method name
Alternatively, for the App Visibility agent for Java, you can use a recording rule ID (recordingRuleId) to specify a method or methods. For details about accessing recording rule IDs, contact Customer Support.
The parameter values can be an exact match or a prefix:
- For an exact match, enter the full name of a class or method. The class name requires the fully qualified name that includes the package.
- For a prefix, enter the prefix of one or more of the identifier names, followed by an asterisk (*).
Before you begin
To perform this procedure, you must have-level access.
To protect confidential data by adding or editing confidentiality policy rules
- From the navigation pane of the TrueSight console, select Administration > App Visibility Agent Policies and click the Confidentiality Policies tab.
- Click the action menu of the policy that you want to edit, and select Edit.
You cannot edit an out-of-the-box policy (displayed with a lock icon), but you can create a copy of the policy and edit the copy:
  - From the action menu of the policy that you want to copy, select Save As.
  - On the Create App Visibility Agent Confidentiality Policy page, rename the policy and modify it according to your requirements.
- On the Edit App Visibility Agent Confidentiality Policy page, edit the policy according to your requirements.
For details, see Examples of rules in the confidentiality policy, later in this topic.
- Click Save.
For details, see Managing App Visibility policy files.
To ensure that confidential data is protected, you can also disable the functionality that shows the slowest database queries in the Application View because queries might contain information that you do not want to reveal. For instructions, see To protect confidential data by not showing database queries later in this topic.
If a confidentiality policy is invalid and cannot be processed, all calls to all methods in all classes and (for .NET applications) all modules are hidden as a security precaution. Likewise, code-level information is hidden for all entry points and exit points, and they are displayed under the generic labels <entry point> and <exit point>.
If the confidentiality policy is invalid, an event is recorded in the health-events.csv file and in integrated systems. You can configure the display of the Warning on the Events page, as described in the Sending App Visibility health events to integrated systems topic.
Examples of rules in the confidentiality policy
The following examples present specific rules for a confidentiality policy. A policy can contain several rules and the order of the rules is important. Order confidentiality rules so that more specific rules are listed before more general rules.
Example: Hide methods, value prefix, .NET application
The following rule applies to an application monitored by an App Visibility agent for .NET. The rule removes methods that match the listed criteria:
- Module name is MyLib.dll
- Class name starts with com.mycompany.myrootpkg.myapp.secret.MySecretCl
- Method name starts with doSecretly
<MyAppHidingRule1_wholeMethods> hide=CALLS module=MyLib.dll class=com.mycompany.myrootpkg.myapp.secret.MySecretCl* method=doSecretly*
Example: Hide method details, exact match, any application
The following rule removes details from all methods in the monitored application that match the com.mycompany.myrootpkg.myapp.somewhatsecret.MySomewhatSecretClass class name.
<MyAppHidingRule2_onlyValues> hide=DETAILS class=com.mycompany.myrootpkg.myapp.somewhatsecret.MySomewhatSecretClass
Example: Hide method details, recording rule, Java application
The following rule removes methods from an application monitored by an App Visibility agent for Java, according to the methods specified in the MyAppRecRule42 recording rule:
<MyAppHidingRule3_basedOnRecRule> hide=CALLS recordingRuleId=MyAppRecRule42
When you use a confidentiality policy, consider the following situations:
- Entry points and exit points. Entry points (transaction start methods) and exit points (calls to external systems) represent pivotal diagnostics information, so the corresponding method calls are never completely removed. If a hide=CALLS rule matches an entry point or exit point method, the point is displayed under a generic label (<entry point> or <exit point>) and no details are included.
- Exception messages. The App Visibility agent for .NET filters exceptions that report at the code level, but it cannot hide sensitive information that might be included in exception messages. Instead, you can completely turn off details for code-level exceptions in the general agent policy by ensuring that persisting.exception.stacktrace=false (the default value). The stack trace frames are filtered by the applied confidentiality rule, as they are for any other methods.
- Parameter values. You can prevent the display of sensitive information that is recorded from HTTP parameters and headers. For details, see Concealing sensitive data recorded by the App Visibility agents.
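To make the matching behaviour described in the examples and considerations above concrete, here is an added Python model written for this topic (it is not App Visibility product code): it parses rules in the syntax shown above, applies them first match wins with exact or asterisk-prefix identifiers, keeps entry and exit points visible under a generic label, and hides every call when the policy is invalid. The sample policy, the call records and all function names are constructed for illustration, and the model assumes that every identifier in a rule must match for the rule to apply.

```python
import re
# Constructed sample policy for this example; the syntax follows the rules shown above.
SAMPLE_POLICY = """
<MyAppHidingRule1_wholeMethods> hide=CALLS module=MyLib.dll class=com.mycompany.myrootpkg.myapp.secret.MySecretCl* method=doSecretly*
<MyAppHidingRule2_onlyValues> hide=DETAILS class=com.mycompany.myrootpkg.myapp.somewhatsecret.MySomewhatSecretClass
<MyAppHidingRule3_basedOnRecRule> hide=CALLS recordingRuleId=MyAppRecRule42
"""
RULE_RE = re.compile(r"^<(?P<name>[^>]+)>\s+(?P<params>\S.*)$")
IDENTIFIERS = {"module", "class", "method", "recordingRuleId"}
def parse_policy(text):
    """Return [(name, hide, {identifier: pattern})] in policy order; ValueError if malformed."""
    rules = []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unparseable rule: " + line)
        params = dict(tok.split("=", 1) for tok in m.group("params").split())
        hide = params.pop("hide", None)
        if hide not in ("CALLS", "DETAILS") or not params or set(params) - IDENTIFIERS:
            raise ValueError("invalid rule: " + m.group("name"))
        rules.append((m.group("name"), hide, params))
    return rules

def load_policy(text):
    """Fail closed: an invalid policy hides every call, as the agent does."""
    try:
        return parse_policy(text)
    except ValueError:
        return [("invalid-policy-fallback", "CALLS", {"class": "*"})]

def _matches(pattern, value):
    # A trailing '*' makes the pattern a prefix; anything else is an exact match.
    return value.startswith(pattern[:-1]) if pattern.endswith("*") else value == pattern

def hiding_mode(rules, call):
    """First matching rule wins; None means nothing is hidden."""
    for _name, hide, idents in rules:  # assumption: all identifiers of a rule must match
        if all(_matches(p, call.get(k, "")) for k, p in idents.items()):
            return hide
    return None

def render_call(rules, call, point=None):
    """What diagnostics may show; point is 'entry'/'exit' for entry and exit point methods."""
    mode = hiding_mode(rules, call)
    name = call["class"] + "." + call["method"]
    if mode != "CALLS":  # nothing hidden, or DETAILS: the call itself stays visible
        return {"shown": True, "name": name, "details": mode is None}
    if point:  # CALLS never removes an entry/exit point: generic label, no details
        return {"shown": True, "name": "<%s point>" % point, "details": False}
    return {"shown": False, "name": None, "details": False}
```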
To protect confidential data by not showing database queries
To ensure that confidential data is protected, you can disable the functionality that shows the slowest database queries in the Application View (see the "Examine the slowest database queries" section in Analyzing database problems with the Database tier), because queries might contain information that you do not want to reveal.
Use the following procedure to disable the slowest database queries:
- On the App Visibility Agent Policies page, click the Agent Policies tab.
- Click the action menu of the agent policy that is applied to the same agent as the confidentiality policy that you created:
  - If it is a custom policy, select Edit.
  - If it is an out-of-the-box policy (displayed with a lock icon), select Save As and edit the newly created copy.
At the end of the file, add the following line:
- Click Save.