Data Privacy: Prepare to Configure

Document created by RSA Information Design and Development Employee on Jun 22, 2017
Version 1Show Document
  • View in full screen mode

This topic provides general guidelines for planning and configuring data privacy policies in the Security Analytics network. Before beginning configuration, you must understand the data that needs to be protected on your network and develop a plan. You will need to:

  1. Identify the meta keys that hold privacy-sensitive data and need to be protected. This decision is based on requirements specific to your site.
  2. Decide which users need access to privacy-sensitive meta data and raw content. The first decision is whether to separate the DPO and administrator roles for your site by configuring a custom administrators system role on Decoder and Log Decoders and removing the dpo.manage permission. By default, administrators have all permissions including the ability to configure the salted hash transform used to obfuscate data; some sites may want to reserve this access for data privacy officers. The Service User Roles and Permissions in the Hosts and Services Getting Started Guide has more details on exactly what permissions each role has and the purpose of the permissions.
  3. Plan the configuration changes you need to make in your Security Analytics deployment to support adequate data privacy.
  4. Assess how your configuration may impact out-of-the-box and custom content. For example, by default content available via Live for Reporting Engine is not geared toward obfuscated meta values.

In a single deployment, certain data-privacy configurations in the Security Analytics Core services must be the same. The following table lists these settings and uses a checkmark to identify the services for which the configuration must be the same.

 Configure the Same For:
Data-Privacy SettingDecoderLog DecoderArchiverConcentratorBroker
Hash algorithm and salt for privacy-sensitive data checkmark3.png checkmark3.png    
Language key data privacy attributes in the custom index file (includes configuring keys as protected) checkmark3.png checkmark3.png checkmark3.png checkmark3.png checkmark3.png
Transient meta keys (not persisted on disk) per service and parser checkmark3.png checkmark3.png    
Meta data and raw content visibility per system user group. (The meta keys must exist in the custom index file.) checkmark3.png checkmark3.png checkmark3.png checkmark3.png checkmark3.png
User who has the Aggregation service user role assigned is added.* checkmark3.png checkmark3.png checkmark3.png   

* When trying to access data on an aggregate service, the Log Collector or Broker requests authentication. When prompted to enter user name and password, you must authenticate as a user who is assigned the Aggregation service role. The Aggregation Role topic in the Hosts and Services Getting Started Guide provides detailed information about this role. Follow the instructions in the Add, Replicate or Delete a Service User topic in the Hosts and Services Getting Started Guide to create a user and assign the new user the Aggregation service user role.

Previous Topic:Quick Start Procedures
You are here
Table of Contents > Quick Start Procedures > Prepare to Configure Data Privacy