MARKETPLACE
Monitor Sensitive Data
By Sisense
Regulatory requirements in various countries require that the event of viewing personally identifying information (PII) – such as address, full name, or ID – should be logged and monitored for future audit.
Regulatory requirements in various countries require that viewing sensitive data that can identify a person must be logged and monitored for future audit. This requirement applies to whenever someone is viewing identifiable information related to a person (such as address, full name, ID, etc.) the action must be monitored and logged.
This add-on enables the logging of information when any user views row-level data from specific tables and columns.
The level of logs can be modified to contain only the viewed field names or the viewed field values, as well.
The Monitoring Sensitive Data add-on consists of three components:
- Server-side microservice (Windows) or an external plugin (Linux): Creates a new POST logger REST API endpoint that logs data to the configured logs database.
- Client-side plugin: Notifies the user if sensitive PII is viewed.
- Server-side plugin: Intercepts JAQL requests to detect if sensitive PII is viewed.
Installation
Windows:
- Download and extract the add-on .zip file.
- Install the client-side plugin by copying the folder ./monitoringSensitiveData into the Sisense plugins folder:
C:Program FilesSisenseappplugins- If the folder doesn’t exist, create it.
- Configure the client-side add-on as described below.
- To install the microservice, run the PSE.Sisense.MonitoringSensitiveData.msi installer from the archive file.
- Configure the microservice as described below.
- Restart the windows service Sisense.MonitoringSensitiveData to apply the configuration changes.
- To install the server-side plugin, go to http://localhost:3030/ to open System Configuration.
- Click the Sisense top left logo five times to view advanced configurations.
- Click the Api-Gateway section.
- Under ServerSidePlugins, enable serverSidePlugins.enabled.
- Locate the ./monitorSensativeDataInterceptors folder under serverSidePlugins.dirPath.
- Click Save Changes.
- Click the Sisense top left logo five times to view advanced configurations.
- Configure the server-side plugin as described below.
- Restart the API-Gateway service by clicking Restart Services.
- Refresh the dashboard.
Linux:
- Download the installation package for Linux.
- Upload {pluginName}.tar.gz to the root folder /opt/sisense/storage or any other location using the File Manager or SSH.
- Connect to your server via SSH.
- Go to the plugin file folder and extract it:
`cd /opt/sisense/storage && tar -zxvf {pluginName}.tar.gz` - Navigate to the unarchive plugin folder: cd {pluginName}
- Run the installation script:
chmod +x install_plugin.sh && sh install_plugin.sh
Note: An external-plugins pod is restarted in Kubernetes. Make sure the service is up and running. - Configure the client-side add-on:
Configure /opt/sisesnse/storage/plugins/monitoringSensitiveData/config.js file (read more below).
Configure the interceptor:
Open the Configuration Manager page.
Scroll to the bottom of the page and click Show Advanced
Expand the Server Side Plugins section and enable the server side plugins.
Click Save.
Confirm that serverSidePlugins.dirPath is identical to the located interceptors path. - Configure the interceptor:
./opt/sisesnse/storage/serverSidePlugins/monitorSensitiveDataInterceptors/config.js file (read more below). - Refresh the dashboard.
Configuration
Configuring the client-side add-on:
The configuration file is located under ./plugins/monitoringSensitiveData/config.js
Configure sensitiveDataConf to set the text presented to the user when viewing sensitive PII.
Configuration file example:
- message The message presented when the user navigates to a dashboard that contains sensitive PII
- dismiss Dismiss sensitive data popup button text
- doNotShowAgain “Do not show again” sensitive data popup button text
- linkUrl URL to redirect to when clicking the link button (More details)
- linkName Link button name (More details)
- allowLink true/false, to show or hide the link
- allowDoNotShowAgain true/false. Set to true to permanently present the dismiss sensitive data viewed popup
- show true/false. Set to true to enable the sensitive data viewed popup
Configuring the Server-side plugin:
Configuration file location
Windows: C:/Program Data/sisense/serverSidePlugins/monitorSensitiveDataInterceptors/src/config.js
Linux: /opt/sisesnse/storage/serverSidePlugins/monitorSensitiveDataInterceptors/src/config.js
In the server-side configuration file, you can configure which data is considered sensitive PII, and which actions should be logged:
- dataForLogs: A list of all columns or tables that are considered sensitive PII and should be logged by their names
- dataDims: A list of all columns that are considered sensitive PII and should be logged by their value.
- monitoredActions: A list of user actions that should be logged in case of viewing sensitive PII.
Configuring the External-plugin/Microservice
The Configuration file location is :
Windows: C:/Program Files/Sisense/app/monitoringSensitiveDataService/config.js
Linux: /opt/sisense/storage/external-plugins/apiPlugins/plugins/monitoringSensitiveData/v1/config.js
- appConfig logger configuration
- activeLogger: The active database logger, which uses MSSQL or MongoDB.
- loggerFilePath: The absolute path to the log file.
- maxLogFileSize: The maximum size of the log file. When the file size exceeds this value, a new log file is created with the incremented suffix number.
- maxLogFilesDaysLifeTime: The allowed storage time. The log files will be automatically removed after this time expires.
- mongoConfig (optional): MongoDB configurations should be set in case the active log was set to mongodb
- sourceDB: The log database name. The database must be created.
- sourceTable. The log table name. The table will be created automatically if it does not already exist.
- connectionString: The MongoDB connection string. Use the following guide to create a user for Sisense MongoDB authentication: https://documentation.sisense.com/latest/administration/application-database/access-sisense-application-database.htm
- mssqlConfig (optional). MSSQL configurations should be set in case the active log was set to MSSQL.
- sourceDB: The log database name. The database must be created.
- sourceTable: The log table name. The table must be created.
- connectionString: The MSSQL connection string.
- encrypt true/false. Defines if the connection will be encrypted.
Notes:
- FieldToLog will be the actual name of the column from the ElastiCube. If there are multiple columns to log, they will all be specified in a table.
- Dashboard ID instead of the dashboard name is logged when exporting to Excel.
- Monitor Sensitive data supports only MSSQL or MongoDB as logs databases.
This is a premium Sisense add-on. For pricing details please get in touch with your CSM
Version 2.2.7 – Sept 27, 2022
- Bug Fixes
Version 2.2.2 – July 26, 2022
- Added support for Excel export V2 engine
Version 2.2.1 – July 11, 2022
-
Added support for L2022.6, W2021.6, W2022.3
-
Improved logging performance
-
Bug fixes
Version 2.1.6 – Mar. 10, 2022
- Added support for L2022.3
- Fix versionChecker for MSD plugin on develop (internal, for automation)
Version 2.1.5 – Feb. 10, 2022
- Added support for L2022.2
- Installation steps have been changed to support installation with scripts
Version 2.1.5 – Dec. 24, 2021
- Fixed issues: Widget image export is not logged in IE browser
Version 2.1.3 – Dec. 14, 2021
- Added support for L2021.12
- Added support for L2022.1
Version 2.0.22 – Nov. 01, 2021
- Added support for L2021.11.0
- Added support for W2021.9.0
Version 2.0.22 – Sept. 27, 2021
- Added support for L2021.10.0
Version 2.0.22 – Sept. 03, 2021
- Added compatibility with Sisense L2021.9.0
Version 2.0.22 – Aug. 17, 2021
- Added compatibility with Sisense L2021.8.0
Version 2021.6 – July 22, 2021
May 18, 2021
- Fixed issue with missing logs in specific cases
Version 2.0.14 – May 2, 2021
- Support for version Linux L8.2.6 added
Versions L2021.1.1 and L2021.1.4 – April 10, 2021
Versions 8.2.0, 8.2.5 and L8.2.6 – Feb. 05, 2021
Version 2.0.7 – Aug. 9, 2020
- A logger server-side component was added for security purposes. All logging of sensitive data is done on the server-side instead of the client-side.
Version 8.2.3 July 28, 2020
Version L8.0.5 – July 1, 2020
Version 8.2.2 – June 16, 2020
Version 8.2.1 – May 19, 2020
Version 8.2 – April 22, 2020
Feb. 24, 2020
- Added support of Windows 8.1.1
- Fixed error in Admin Tab in case plugin is enabled
- Fixed error in console once user opens dashboard with data to log
- Fixed: View dashboard filter is not logged once user opens edit filter window
Version L8.1.0 – Jan. 14, 2020
Version 8.1 – Dec. 20, 2019
Aug. 25, 2019
- Solution rewritten on NodeJS microservices
- Added support for 7.4. The installation section was updated
Aug. 4, 2019
- Issue fixed for conflict with background filters