- Observability: other versions:
- Get started
- What is Elastic Observability?
- What’s new in 8.17
- Quickstart: Monitor hosts with Elastic Agent
- Quickstart: Monitor your Kubernetes cluster with Elastic Agent
- Quickstart: Monitor hosts with OpenTelemetry
- Quickstart: Unified Kubernetes Observability with Elastic Distributions of OpenTelemetry (EDOT)
- Quickstart: Collect data with AWS Firehose
- Add data from Splunk
- Applications and services
- Application performance monitoring (APM)
- Get started
- Learn about data types
- Collect application data
- View and analyze data
- Act on data
- Use APM securely
- Manage storage
- Configure APM Server
- Monitor APM Server
- APM APIs
- Troubleshooting
- Upgrade
- Release notes
- Known issues
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure projects
- Multi-factor Authentication
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Use Synthetics with traffic filters
- Migrate from the Elastic Synthetics integration
- Scale and architect a deployment
- Synthetics support matrix
- Synthetics Encryption and Security
- Troubleshooting
- Real user monitoring
- Uptime monitoring (deprecated)
- Tutorial: Monitor a Java application
- Application performance monitoring (APM)
- CI/CD
- Cloud
- Infrastructure and hosts
- Logs
- Troubleshooting
- Incident management
- Data set quality
- Observability AI Assistant
- Reference
Application data security
editApplication data security
editWhen setting up Elastic APM, it’s essential to review all captured data carefully to ensure it doesn’t contain sensitive information like passwords, credit card numbers, or health data. In addition, you may wish to filter out other identifiable information, like IP addresses, user agent information, or form field data.
Depending on the type of data, we offer several different ways to filter, manipulate, or obfuscate sensitive information during or before ingestion:
In addition to utilizing filters, you should regularly review the sensitive fields table to ensure sensitive data is not being ingested. If it is, it’s possible to remove or redact it. See Delete sensitive data for more information.
Built-in data filters
editBuilt-in data filters allow you to filter or turn off ingestion of the following types of data:
Data type | Common sensitive data |
---|---|
Passwords, credit card numbers, authorization, etc. |
|
Passwords, credit card numbers, etc. |
|
Client IP address and user agent. |
|
URLs visited, click events, user browser errors, resources used, etc. |
|
Sensitive user or business information |
Custom filters
editCustom filters allow you to filter or redact other types of APM data on ingestion:
Applied at ingestion time. All agents and fields are supported. Data leaves the instrumented service. There are no performance overhead implications on the instrumented service. |
|
Not supported by all agents. Data is sanitized before leaving the instrumented service. Potential overhead implications on the instrumented service |
Sensitive fields
editYou should review the following fields regularly to ensure sensitive data is not being captured:
Field | Description | Remedy |
---|---|---|
|
The client IP address, as forwarded by proxy. |
|
|
The body of the monitored HTTP request. |
|
|
The canonical headers of the monitored HTTP request. |
|
|
The address of the last proxy or end-user (if no proxy). |
|
|
The canonical headers of the monitored HTTP response. |
|
|
Process arguments. |
|
|
Database statement. |
|
|
A flat mapping of local variables captured in the stack frame |
|
|
The query string of the request, e.g. |
|
|
Logged-in user information. |
|
|
Device and version making the network request. |
ElasticON events are back!
Learn about the Elastic Search AI Platform from the experts at our live events.
Register now