This topic provides general guidelines for planning and configuring data privacy policies in the Security Analytics network. Before beginning configuration, you must understand the data that needs to be protected on your network and develop a plan. You will need to:
- Identify the meta keys that hold privacy-sensitive data and need to be protected. This decision is based on requirements specific to your site.
- Decide which users need access to privacy-sensitive meta data and raw content. The first decision is whether to separate the DPO and administrator roles for your site by configuring a custom administrators system role on Decoder and Log Decoders and removing the
dpo.managepermission. By default, administrators have all permissions including the ability to configure the salted hash transform used to obfuscate data; some sites may want to reserve this access for data privacy officers. The Service User Roles and Permissions in the Hosts and Services Getting Started Guide has more details on exactly what permissions each role has and the purpose of the permissions.
- Plan the configuration changes you need to make in your Security Analytics deployment to support adequate data privacy.
- Assess how your configuration may impact out-of-the-box and custom content. For example, by default content available via Live for Reporting Engine is not geared toward obfuscated meta values.
In a single deployment, certain data-privacy configurations in the Security Analytics Core services must be the same. The following table lists these settings and uses a checkmark to identify the services for which the configuration must be the same.