Data security | Elastic Observability [master]

You are looking at preliminary documentation for a future release. Not what you want? See the current release documentation.

› › ›

« Elastic APM features Built-in data filters »

Data securityedit

When setting up Elastic APM, it’s essential to review all captured data carefully to ensure it doesn’t contain sensitive information like passwords, credit card numbers, or health data. In addition, you may wish to filter out other identifiable information, like IP addresses, user agent information, or form field data.

Depending on the type of data, we offer several different ways to filter, manipulate, or obfuscate sensitive information during or before ingestion:

In addition to utilizing filters, you should regularly review the sensitive fields table to ensure sensitive data is not being ingested. If it is, it’s possible to remove or redact it. See Delete sensitive data for more information.

Built-in data filtersedit

Built-in data filters allow you to filter or turn off ingestion of the following types of data:

Data type	Common sensitive data
HTTP headers	Passwords, credit card numbers, authorization, etc.
HTTP bodies	Passwords, credit card numbers, etc.
Personal data	Client IP address and user agent.
Real user monitoring data	URLs visited, click events, user browser errors, resources used, etc.
Database statements	Sensitive user or business information

Custom filtersedit

Custom filters allow you to filter or redact other types of APM data on ingestion:

Ingest pipelines	Applied at ingestion time. All agents and fields are supported. Data leaves the instrumented service. There are no performance overhead implications on the instrumented service.
APM agent filters	Not supported by all agents. Data is sanitized before leaving the instrumented service. Potential overhead implications on the instrumented service

Sensitive fieldsedit

You should review the following fields regularly to ensure sensitive data is not being captured:

Field	Description	Remedy
`client.ip`	The client IP address, as forwarded by proxy.	Personal data
`http.request.body.original`	The body of the monitored HTTP request.	HTTP bodies
`http.request.headers`	The canonical headers of the monitored HTTP request.	HTTP headers
`http.request.socket.remote_address`	The address of the last proxy or end-user (if no proxy).	Custom filters
`http.response.headers`	The canonical headers of the monitored HTTP response.	HTTP headers
`process.args`	Process arguments.	Database statements
`span.db.statement`	Database statement.	Database statements
`stacktrace.vars`	A flat mapping of local variables captured in the stack frame	Custom filters
`url.query`	The query string of the request, e.g. `?pass=hunter2`.	Custom filters
`user.*`	Logged-in user information.	Custom filters
`user_agent.*`	Device and version making the network request.	Personal data

« Elastic APM features Built-in data filters »