I want to mask data to prevent operators see some sensitive data in ASM event logs. When user login to my application, event log will show a record of http request like this.
I have operator team who can access f5 GUI and see this logging, so I try to configure sensitive data in Security››Application Security>>Content Profiles>>JSON Profiles to hide sensitive data. After I create a new JSON profile, I can see the tab "Sensitive Data Configuration". I try to add a couple of Element Name such as req, header, pwd then I assosiate this json profile with parameter that matched the request pattern. But event log still show everything without masking data. Did I miss something? Any advice would be appreciated.
I've tested this on 11.6 (but sure i've tested previously on 11.5.1), anyway it worked for me. The only difference was I added JSON profile to a URL, not a parameter. Could you try that as a test?
Otherwise what you are doing appears sound.
you can mask it with a json profile. There you have to insert the element name and thats it.
But it depends on you release. An older one doesn't has the json profile feature.
Go to Security >> Application Security: Content Profiles: JSON Profiles and verify that you have create a JSON profile.
At the bottom of the JSON profile properties screen, click Sensitive Data Configuration and verify that the "Element Name" matches the name of the parameter you are trying to protect.
Now the question is are you trying to associate your JSON profile with a URL or with a parameter? If it's a URL, you need to ensure that said URL is part of the Allowed URLs list for your policy. If it is, go to the Advanced properties of the URL, and change the default value for header-based content profile to "Parsed as JSON." Then select your JSON profile from the Profile Name List menu to assign it to that URL.
It's easier if your JSON profile is configured to protect a parameter. First, make sure that the PWD parameter (or whatever the name is) is an allowed parameter. If it is, make sure the Parameter Value Type is "JSON value." Then select your JSON profile from the JSON Profile list to assign it to that parameter. That should do it.
The masking is work after I change "Request Body Handling" in URL properties from "FORM data" to JSON in URL properties menu. Thanks for every suggestions.