Depending on your environment setup and data-privacy settings, some captured data may be protected by law or considered sensitive for other reasons. In such instances, you must take extra precautions to protect your customers' private data.
Dynatrace has 3 levels of protection in place concerning personal data.
- Scrubbing of data at the point of capture: In this case, the data in question don't leave the monitored process or the end user's browser.
- Scrubbing of data prior to storage: In this case the data in question is processed by Dynatrace to allow for better analysis, but the original data is scrubbed prior to storage. Scrubbed data portions are replaced with the string
- Masking of data on display: In this case, data is stored but only presented to users who have the View sensitive request data permission. All other users will see that the data point exists but the personal data is masked out with
Dynatrace automatically masks certain data points at the point of capture. This happens within the application or browser (such data never leaves the application or browser). Masked values are replaced with
- Literals and numbers that are part of the
whereclause of a SQL statement
- Bind parameters of a SQL statement
- URL query parameters in exception messages
- IBAN and credit card numbers
If your organization captures personal end-user data that is subject to GDPR regulations, go to Settings > Preferences > Data privacy and enable the data masking option. This settings page contains several configuration flags that allow you to enable proper masking of captured data.
Masking of IP addresses and GPS coordinates
Dynatrace captures IP addresses of end users to determine the region from which they access your application.
Once enabled, IP address masking sets the last octet of monitored IPv4 addresses and the last 80 bits of IPv6 addresses to zeroes. GPS coordinates are rounded up to to 1 decimal place (~10km). This masking occurs on the Dynatrace cluster prior to storage. Full IP addresses are never written to disk. Location lookups are made using anonymized IP addresses and GPS coordinates.
Masking of personal data in URLs
Dynatrace captures the full URIs of requests that are sent from browsers (mobile and desktop) and requests that are sent and received within monitored server-side processes.
Once enabled, Dynatrace will
- Automatically detect UUIDs, IBANs, IP addresses, and other IDs in the URL path and replace these parts with a string like
- Replace query parameter values with the string
Masking of user action names (Web applications only)
When Dynatrace detects a user action that triggers a page load or an AJAX/XHR action, it constructs a name for the user action based on:
- User event type (for example
loading of page..., or
key press on...)
- Title, caption, label, value, ID, className, or other available property of the related HTML element (for example, image, button, checkbox, or text input field).
In most instances, the default approach to user action naming works well, resulting in user action names such as:
click on Search on page /search.html
keypress on Feedback on page /contact.html
touch on Homescreen of page /list.jsf
In rare circumstances however, confidential data (for example, email addresses, usernames, or account numbers) may be unintentionally included in user action names because the confidential data is included in an HTML element label, attribute, or other value (for example,
click on my Account Number: 1231231). If such confidential data appears in your application’s user action names, you should enable User action name masking. This setting replaces specific HTML element names and values with generic HTML element names. With user action name masking enabled, the user action names listed above would change to:
click on INPUT on page /search.html
keypress on TEXTAREA on page /contact.html
touch on DIV of page /list.jsf
Dynatrace automatically considers certain data points it captures as sensitive and only displays them to users who have the View sensitive request data permission. All other users will see that the data point exists but the personal data is masked out with
*****. Thus the data is protected from view by unauthorized personal.
Personal data types
The following data types are considered sensitive and are masked from display:
- Requests attributes that are marked as confidential.
- Client IP addresses
- Exception messages
- URL query parameters
- HTTP Headers
- HTTP Post parameters
- Original captured method argument values (the resulting request attribute is treated separately)
Mark request attributes as confidential
Dynatrace allows you to decide whether a request attribute should be treated as confidential or not. For this and other obvious reasons, users who are authorized to define request attributes must have the Configure capture of personal data permission. For complete details, see How do I configure Dynatrace to protect personal data?