Netskope Help

Enable Hashing and Redaction of Log Fields

The OPLP supports hashing or redaction of certain sensitive fields from the log file to give you enhanced privacy and control over your log data. The parser computes a hash for specified values and inserts that into the JSON object sent to the Netskope cloud.

The hash function is irreversible and the original key value cannot be recovered by anyone with access to the Netskope cloud. However, the hash function is repeatable on the OPLP to match certain key values to the hash, for forensics purposes.

  1. Configuring hashing or redaction:

    set log-upload perfieldaction fields <field-name>
    set log-upload perfieldaction action [remove|hash]

    • remove: empties the specified fields in extracted events.

    • hash: replaces the field values with their SHA256 hash.

  2. To hash the username field, run the following commands:

    set log-upload perfieldaction fields user
    set log-upload perfieldaction action hash

  3. To hash both the source IP and user fields, specify them as comma-separated field names:

    set log-upload perfieldaction fields user,srcip
    set log-upload perfieldaction action hash

    Note

    We recommend hashing only the user field. Hashing the srcip field is supported, but it prevents the source location from being identified, so the user analytics map will not show accurate user locations.

  4. To verify the hash value, enter this command from the Netskope shell:

    log-upload gethash key <value>

This runs the hash function on the key value to obtain the hash value and helps correlate specific key values against the entries in the Netskope cloud.
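
The following is an added illustration, not Netskope's code, of what the two actions do to an extracted event and how a recomputed hash is matched against uploaded entries. It assumes a plain SHA-256 over the UTF-8 field value, hex-encoded; this page does not state the OPLP's exact input encoding or output format, so use `log-upload gethash` for real lookups. The function names and sample events are constructed.

```python
import hashlib
import json


def sha256_hex(value):
    # ASSUMPTION: unsalted SHA-256 of the UTF-8 text, hex-encoded.
    # The OPLP's real encoding is not documented on this page.
    return hashlib.sha256(str(value).encode("utf-8")).hexdigest()


def apply_perfieldaction(event, fields, action):
    """Return a copy of the event with the named fields hashed or emptied."""
    if action not in ("hash", "remove"):
        raise ValueError("action must be 'hash' or 'remove'")
    out = dict(event)
    for name in fields:
        if name not in out:
            continue  # field absent from this event, nothing to protect
        out[name] = "" if action == "remove" else sha256_hex(out[name])
    return out


def correlate(uploaded_events, field, known_value):
    """Forensics step: hash a known value and find the entries that carry it."""
    digest = sha256_hex(known_value)
    return [e for e in uploaded_events if e.get(field) == digest]


# Constructed sample events (hypothetical field values).
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "srcip": "10.0.0.5", "url": "files.example.net/upload"},
    {"user": "bob@example.com", "srcip": "10.0.0.9", "url": "mail.example.net/"},
    {"user": "alice@example.com", "srcip": "10.0.0.5", "url": "mail.example.net/"},
]


def demo():
    # Equivalent of: fields user / action hash
    uploaded = [apply_perfieldaction(e, ["user"], "hash") for e in SAMPLE_EVENTS]
    return uploaded, correlate(uploaded, "user", "alice@example.com")


if __name__ == "__main__":
    uploaded, hits = demo()
    print(json.dumps(uploaded, indent=2))
    print(len(hits), "uploaded events match the recomputed hash")
```

Because the same input always yields the same hash, events from one user still group together after hashing, while the srcip field stays readable unless it is also listed.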