This article is the fourth in our 4-part series on feeding the Datadog cloud analytic platform with different kinds of data from IRI Voracity operations. It focuses on visualizing search logs from the DarkShield unstructured data masking product (also a Voracity component) in Datadog for security analytics.
Elasticsearch is a Java-based search engine that has an HTTP interface and stores its data in schema-free JSON documents. Unfortunately, a spate of costly and painful breaches of Personally Identifiable Information (PII) continue to plague online Elasticsearch databases:
Were all the PII or other sensitive information in these DBs masked however, successful hacks and development copies may not be problematic.
Just as IRI FieldShield product users can reach and mask personally identifiable information (PII) — and IRI Voracity platform users can integrate and govern structured files — in Amazon Simple Storage Service (Amazon S3) buckets, IRI DarkShield users can now find and mask PII in unstructured files stored in S3.
Splunk Phantom is an orchestration, automation, and response technology for running “Playbooks” to respond to various conditions. Phantom connects to Splunk Enterprise using the Phantom App for Splunk, so that actions can be taken on knowledge derived from data indexed in Splunk.
This article demonstrates the use of IRI DarkShield to identify and remediate (mask) personally identifiable information (PII) and other sensitive data in MongoDB, Cassandra, and Elasticsearch databases.
Article 17 of the General Data Protection Regulation (GDPR) stipulates the Right to Erasure, often referred to as the Right to be Forgotten. While the regulation specifies some requirements as to what controllers must do with data requested to be “erased”, it does not expressly define what the term erasure means.