Netify Netify logo Contact Us
Products Resources Documentation Blog Sign In

Privacy

Overview

You can make custom configuration changes to the Netify agent that will anonymize any data before being passed on to any plugin. All changes can be made from the command line using an editor of your choice on the Netify configuration file.

If you are using Netify Informatics or sending data to any third-party service, set up privacy filter settings before enabling data sinks.

Configuration Settings

All privacy settings are configured in Netify's main configuration file, /etc/netifyd.conf.

In /etc/netifyd.conf, create (if missing) a privacy section as follows:

[privacy_filter]

Masking WAN IP Addresses

To remove your WAN IP address(es) from showing up in any dataset, set private_external_addresses to true.

[privacy_filter]
private_external_addresses = true

Obfuscate LAN IP

If you would like to obfuscate one or more LAN IP addresses, use the host attribute:

[privacy_filter]
host[0] = 192.168.1.1
host[1] = 192.168.1.2
...
host[n] = 192.168.1.n

Setting this directive will result in any listed IP being converted to 1.2.3.1 if it is in the local field, and 1.2.3.2 if it occurs in the other field.

If you would like to obfuscate an IP but maintain individuality, use two or more pattern-matching directives instead.

Obfuscate MAC Address

Similar to the host example above, to obfuscate MAC addresses use the mac attribute:

[privacy_filter]
mac[0] = a3:c7:43:00:00:00
mac[1] = a3:c7:43:00:00:01
...
mac[n] = a3:c7:43:00:00:nn

Any matching MAC address will be converted to 01:02:03:04:05:06 if found in the local MAC field or 0a:0b:0c:0d:0e:0f if in the other MAC field.

If you would like to obfuscate a MAC but maintain individuality, use two or more pattern-matching directives instead.

Pattern Match / Replace

Netify's Pattern Match and Replace engine performs post-processing regular-expression statements prior to metadata being available to plugins. Search strings are case-insensitive. Keep the data format intact where possible (e.g. replace IPv4 addresses with IPv4-style obfuscated values). 

[privacy_filter]
regex_search[0] = Acme
regex_replace[0] = A___

While the regex engine is powerful, it requires more CPU and may not be available on all platforms. Contact us for details.

The preceding configuration would remove cases of Acme in metadata and replace them with A___ to preserve identity. Examples include:

  • acme.com
  • Acme.local
  • ACME.DELL.WORKGROUP.LAN
  • acme.sharepoint.microsoft.com