How does Dynatrace protect sensitive user data?

Dynatrace captures a lot of data from your monitoring environment. Depending on your environment setup and data-privacy settings, some captured data may be protected by law or considered sensitive for other reasons. In such instances, you must take extra precautions to protect your customers' private data.

If your organization captures personal user data such as email addresses, IP addresses, or passwords in the course of monitoring, you should restrict view access to these sensitive data so that only authorized users can view them (IP address masking and User action name masking are available at Settings > Web & mobile monitoring > Data privacy). With these settings enabled, unauthorized Dynatrace users see only an obscured view of such masked data. For example, while unauthorized users can see all performance metrics related to the execution of a certain SQL statement, all sensitive values in the statement are represented with five asterisks (*****), and so are hidden from unauthorized access. Users with the View sensitive request data permission can override data masking settings.

Obscured data vs. aggregated data

While confidential user data may be represented by five asterisks for privacy reasons (*****), data are sometimes obscured for aggregation purposes—sometimes there's simply too much information to display on screen. Aggregated values are represented by three or fewer asterisks (***). Sensitive data values are never aggregated.

Sensitive data types

The following data types are considered sensitive

  • Requests attributes that are marked as confidential.
  • Exception messages
  • SQL and SQL database call bind parameters
  • URI, query string, headers, parameters, request attributes, and Servlet call session attributes
  • URI, query string, headers, parameters, and ASP.NET call server variables

View sensitive data

Users with the View sensitive request data permission can view masked data.

Mark request attributes as confidential

To mark a request attribute as confidential

  1. Go to Settings > Server-side service monitoring > Request attributes.
  2. Click the Edit button of the relevant request attribute.
  3. Select the Request attribute contains confidential data option box.