GDPR and PII (Personally Identifiable Information) Collected
The SaaS solution hosted by MCG in Google Compute (GCP) uses AES-256 disk encryption (enforced for data disks and backups).
A customer-managed encryption key (CMEK) or customer-supplied encryption key (CSEK) can be used, so MCG doesn’t have access to the encryption keys. See https://cloud.google.com/docs/security/encryption/default-encryption
GDPR/PII data can also be encrypted in the UXM/Splunk databases with AES-256 in CBC mode. This option limits searchability: encrypted data can only be searched by the full hostname, username, etc. Whether encryption is applied can be configured at the field level.
Users with decryption permissions can search the encrypted data if they use the full hostname, username, etc., and can decrypt the data per user/endpoint.
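The following is an added example, not UXM code, showing why protecting a field limits search to the full value. It assumes a keyed HMAC-SHA256 lookup token per protected field; the page does not describe UXM's actual mechanism, and the AES-256-CBC ciphertext that would be stored next to the token is omitted. The key, the `ENCRYPTED_FIELDS` setting, the function names and the sample events are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment would load it from a key store.
INDEX_KEY = hashlib.sha256(b"constructed demo key").digest()

# Hypothetical field-level setting: the fields that are protected.
ENCRYPTED_FIELDS = {"hostname", "username"}


def lookup_token(field, value, key=INDEX_KEY):
    """Deterministic keyed token: equal full values give equal tokens."""
    # The field name is mixed in so the same value in two fields does not collide.
    msg = f"{field}\x00{value.strip().lower()}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def protect(event):
    """Replace protected fields with tokens; other fields stay plain text."""
    return {f: lookup_token(f, v) if f in ENCRYPTED_FIELDS else v
            for f, v in event.items()}


def search(store, field, term):
    """Exact token match for protected fields, substring match otherwise."""
    if field in ENCRYPTED_FIELDS:
        wanted = lookup_token(field, term)
        return [i for i, e in enumerate(store)
                if hmac.compare_digest(e[field], wanted)]
    return [i for i, e in enumerate(store) if term.lower() in e[field].lower()]


# Constructed sample events (hostname/username reuse this page's example values).
EVENTS = [
    {"hostname": "CLIENT-HOSTNAME", "username": "firstname.lastname",
     "department": "Finance"},
    {"hostname": "CLIENT-HOSTNAME2", "username": "other.user",
     "department": "Finance"},
]
STORE = [protect(e) for e in EVENTS]

if __name__ == "__main__":
    print(search(STORE, "hostname", "CLIENT-HOSTNAME"))  # full value matches
    print(search(STORE, "hostname", "CLIENT"))           # partial value does not
    print(search(STORE, "department", "fin"))            # unprotected field
```

A partial term produces a different token from the full value, so prefix and wildcard searches return nothing on protected fields while unprotected fields stay freely searchable.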
User information
KVStore ux_userinfo_lookup and `getIndexConfidentialData` source="monitor.endpoint.userinfo"
Field | Example | Description |
---|---|---|
cn | Firstname Lastname | Active Directory (AD) common name field |
company | Company of user | Active Directory (AD) company field |
department | Department of user | Active Directory (AD) department field |
distinguished_name | cn=firstname.lastname,ou=emea,dc=uxmapp,dc=local | Active Directory (AD) Distinguished Name, which contains the user's place in the organizational unit. |
division | Division of user | Active Directory (AD) division field |
 | firstname.lastname@uxmapp.local | Active Directory (AD) mail field |
manager | cn=firstname.lastname,ou=emea,dc=uxmapp,dc=local | Active Directory (AD) distinguished_name of the user's manager |
name | firstname.lastname | Active Directory (AD) name field |
sam_account_name | firstname.lastname | Active Directory (AD) sam_account_name field |
title | Title of user | Active Directory (AD) title field |
user_principal_name | firstname.lastname@uxmapp.local | Windows UPN (user_principal_name) of user. |
username | firstname.lastname | Windows username of user. |
Endpoint device information
Field | Example | Description |
---|---|---|
hostname | CLIENT-HOSTNAME | Displays the hostname of the endpoint device that the user is working on. |
public_ip | 156.x.x.x | External (public) IP addresses of the endpoint devices as seen from the UXM HF Collector |
internal_ip | 10.x.x.x | Internal IP Addresses of the endpoint devices |
internal_mac_address | XX:XX:XX:XX | MAC addresses of the endpoint device |
subnet | 255.255.x.x | Subnet for the IP Addresses of the endpoint devices |
wifi_bssid | | BSSID of the WiFi connected to. |
wifi_ssid | | SSID of the WiFi connected to. |
wifi_mac | | MAC of the WiFi connected to. |
identifying_number | | Serial number of the machine used to lookup warranty information from Dell, Lenovo, HP. |
client_device_name | CLIENT-HOSTNAME | (Virtual devices only) Displays the hostname that the user connected to Citrix/RDS from. |
client_address | 10.x.x.x | (Virtual devices only) Displays the IP address that the user connected to Citrix/RDS from. |