There may be sensitive data captured when WAAS events take place, such as access tokens, session cookies, PII or other information considered to be personal by various laws and regulations.
By using WAAS log scrubbing rules, users can mark data as sensitive based on regex patterns or its location in the HTTP request. This data is removed from the logs before events are recorded, and is replaced with placeholders entered by the user.
Add/Edit WAAS Scrubbing Rule
To create or edit log scrubbing rules, follow the steps below:
Open the Console, and go to
Defend > WAAS > Log Scrubbing
or select an existing rule.
Enter Rule Name.
Select rule type: pattern-based or location-based.
Placeholder strings indicating the nature of the scrubbed data should be used as users will not be able to see the underlying scrubbed data.
Data will now be scrubbed from any WAAS event before it is written (either to the Defender log or syslog) and sent to the console:
If sensitive data triggers events, both the forensic message and the recorded HTTP request are scrubbed.
Hence, placeholder strings indicating the nature of the scrubbed data should be used as users will not be able to see the underlying scrubbed data.