Privacy Settings

Privacy

Overview

You can make custom configuration changes to the Netify agent that will anonymize any data before being passed on to any plugin. All changes can be made from the command line using an editor of your choice on the Netify configuration file.

If you are using Netify Informatics or sending data to any 3rd party service, it is advised to set up the privacy filter settings before enabling data sinks.

Configuration Settings

All privacy settings are configured in Netify's main configuration file, /etc/netifyd.conf.

In etc/netifyd.conf, if there isn't already, create a new section for privacy settings as follows: 

[privacy_filter]

Masking WAN IP Addresses

To remove your WAN IP address(es) from showing up in anydataset, set private_external_addresses attribute to true. 

[privacy_filter]
private_external_addresses = true

Obfuscate LAN IP

If you would like to obfuscate one or more LAN IP addresses, use the host attribute: 

[privacy_filter]
host[0] = 192.168.1.1
host[1] = 192.168.1.2
...
host[n] = 192.168.1.n

Setting this directive will result in any of your IP addresses listed being to to 1.2.3.1 if they are in the local field, and 1.2.3.2 if they occur in the other field.

If you would like to obfuscate an IP, but maintain individuality, use two or more Pattern Matching directives instead (see below).

Obfuscate MAC Address

Similar to the host example above, if you would like to obfuscate one or more MAC addresses, use the mac attribute: 

[privacy_filter]
mac[0] = a3:c7:43:00:00:00
mac[1] = a3:c7:43:00:00:01
...
mac[n] = a3:c7:43:00:00:nn

Any matching MAC address will be converted to 01:02:03:04:05:06 if it is found in the local MAC field or 0a:0b:0c:0d:0e:0f if it occurs in the other MAC field.

If you would like to obfuscate a MAC, but maintain individuality, use two or more Pattern Matching directives instead (see below).

Pattern Match/Replace

Netify's Pattern Match and Replace engine is a powerful regular express engine that performs post-processing bulk regex statements prior to metadata being available via any plugin.

Search strings are case-insensitive. It is recommended you try to keep the format of the data intact. As an example, an IPv4 address of 192.168.1.1 should be replaced with 0.0.0.0, rather than Johnson's Desktop.

[privacy_filter]
regex_search[0] = Acme
regex_replace[0] = A___
While the regex engine is much more powerful, it does require more processing power than the other options. Also, it may not be available on all platforms (some embedded devices). Feel free to contact us if you would like more information.

The preceding configuration code would remove all cases of Acme that might be found/extracted in the metadata and replaced with an A___ to preserve the identity of the "Acme" organization/brand. Examples include:

  • acme.com
  • Acme.local
  • ACME.DELL.WORKGROUP.LAN
  • acme.sharepoint.microsoft.com

Documentation


Netify DPI Agent


Technical Support

Haven't found the answers you're looking for?

Contact Us