Netify Netify logo Contact Us
Products Resources Documentation Blog Sign In

Privacy

You can apply custom configuration changes to the Netify Agent to anonymize data before it is passed to any plugin. This allows you to align data handling with privacy requirements and internal compliance policies. All changes are made directly in the Netify configuration file, giving you full control over how sensitive information is processed and shared.

Configuration Settings

All privacy settings are configured in Netify's policy configuration file, /etc/netifyd/profiles.d/00-default.conf . If it does not already exist, create a new section for privacy settings as follows: 

[privacy_filter]

Masking WAN IP Addresses

To prevent your WAN IP address(es) from being stored in any dataset, set the private_external_addresses attribute to true. Enabling this directive will obfuscate all WAN addresses with 127.255.0.n or fe:80::ffff:7fff::n , where n is substituted with an internal capture source ID, starting at 1 . 

[privacy_filter]
private_external_addresses = true

Obfuscate LAN IP

To obfuscate one or more LAN IP addresses, add each IP address using the host[n] attribute: 

[privacy_filter]
host[0] = 192.168.1.1
host[1] = 192.168.1.2
...
host[n] = 192.168.1.n

Setting this directive will result in any lower IP address matches being converted to 127.255.0.253 or fe:80::ffff:7fff::fd , and 127.255.0.254 or fe:80::ffff:7fff::fe for upper IP address matches. If you would like to obfuscate an IP but maintain individuality, use two or more pattern matching directives instead (see below).

Obfuscate MAC Address

Similar to the host example above, to obfuscate one or more MAC addresses, use the mac attribute: 

[privacy_filter]
mac[0] = a3:c7:43:00:00:00
mac[1] = a3:c7:43:00:00:01
...
mac[n] = a3:c7:43:00:00:nn

Any matching MAC address will be converted to 00:52:14:00:00:00 if it is found in the lower MAC field, or 00:52:ff:00:00:00 if it occurs in the upper MAC field. If you would like to obfuscate a MAC but maintain individuality, use two or more pattern matching directives instead (see below).

Pattern Match/Replace

Netify's pattern match and replace engine is a powerful regular expression engine that performs post-processing bulk regex statements prior to metadata being made available via any plugin. Search strings are case-insensitive. It is recommended to keep the format of the data intact. For example, an IPv4 address of 192.168.1.1 should be replaced with 0.0.0.0 , rather than Johnson's Desktop.

While the regex engine is much more powerful, it does require more processing power than the other options. Also, it may not be available on all platforms (such as some embedded devices). Feel free to contact us if you would like more information. 

[privacy_filter]
regex_search[0] = Acme
regex_replace[0] = A___

The preceding configuration code would replace all cases of Acme found or extracted in the metadata with A___ to preserve the identity of the Acme organization or brand. Examples include:

  • acme.com
  • Acme.local
  • ACME.DELL.WORKGROUP.LAN
  • acme.sharepoint.microsoft.com