Redaction Map
TruSTAR offers the ability to redact, or remove, information from a report. This redaction feature is powered by a redaction algorithm that features:
- Categorical redaction
- Wildcard matching
- Optimization for large datasets
For details on how to edit the Redaction Map, see Managing the Redaction Map.
How It Works
TruSTAR’s Redaction feature operates on two inputs:
- A TruSTAR Report
- A map of redaction descriptors known as the Redaction Map
When a report is submitted, TruSTAR uses the Redaction Map to delete the terms you have specified for removal. The Redaction algorithm programatically strips the terms from every part of the report, including the metadata.
You can add or delete terms to redact whenever you want.
TruSTAR Incident Report
Technically, an incident report is a map-like data structure that contains both metadata about the report and the report contents. For example, here is a simplified version of what an incident report looks like in TruSTAR Station.
Map {
metadata: Map {
title: "Network Intrusion Detected",
region: "North America"
},
content: "Network intrusion was detected at our branch in..."
}
Redaction Map
The redaction map stores all the terms you want to delete from new reports. A simple redaction map might look like this:
Map {
company-name: List [
"Superb Security Corp",
"Superb Subsidiary"
],
ip-address: List [
"8.8.8.8"
],
email-address: List [
"*@superb-security.co"
]
}
This sample Redaction Map defines a number of things to redact from reports:
- Company name
"Superb Security Corp"and the name of the subsidiary"Superb Subsidiar" - An IP address that should be kept private (
"8.8.8.8") - Every email address that ends in
"@superb-security.co"
