Prisma Cloud Compute Runtime events may include sensitive information that’s found in commands that are run by protected workloads, such as secrets, tokens, PII or other information considered to be personal by various laws and regulations.
Using the Runtime log scrubbing capabilities, you can filter such sensitive information and ensure that it is not included in the Runtime findings (Forensics, Incidents, audits, etc.).
You can filter your Runtime sensitive data out using the automatic scrubbing capability, as well as using custom scrubbing rules.
Follow the documentation instructions to learn more about these two options.
Sensitive information from WAAS logs can be scrubed as well, see WAAS Log Scrubbing to learn more.
Automatically scrub secrets from runtime events
To help identify and filter secrets that commonly appear in the Runtime monitored commands, we added the capability to automatically scrub known sensitive phrases and words such as "secrets", "token", etc. from your events.
The detected sensitive data will be replaced in the events by "[*****]".
Automatically scrubbing secrets will be
enabled
by default when upgrading Console from 21.08 to 22.01.