Skip to main content
Skip table of contents

The Sensitive Data Masking Parameter


The Sensitive Data Masking feature allows the detection and masking of clear text data displayed in the active window (only) on Windows Client computers based on custom regex (i.e. regular expression) values defined.


All the data detected is masked in the Session Viewer as follows:

In the Session Player: The sensitive data detected is blurred.

In the Metadata grid (and in the Details area): The sensitive data is hidden (i.e. replaced by asterisks) for clipboard operations (i.e. cut/copy/paste) and keystrokes (i.e. keyboard input).


So, as well as detecting all user actions, Syteca can also detect the clear text data displayed on the screen and recorded (including data cut/copied/pasted or typed on the keyboard by users) that is stored in clear text, such as:

 Passwords.

 Credit/debit card numbers.

Social security numbers (SSNs).

Other text data (as defined using regex).


The data is immediately masked in real time (including in live sessions), and encrypted in the database, as it is not permitted to record and store this data in organizations worldwide according to consumer protection security compliance programs (e.g. PCI DSS compliance). 

NOTE: The Keystroke Logging and Password Masking and Pseudonymizer privacy and compliance-related features may also be of interest.


NOTE: This feature is only available when the User Activity Monitoring application is enabled in the product license serial key.


Table of Contents


1. Configuration


To configure the Sensitive Data Masking feature for a Windows Client (or all the Windows Clients in a Client group), do the following:

1. Click the Clients navigation link (on the left).

2. On the Clients page that opens, editing the required Client (or Client group).

3. On the Editing Client (or Editing Client Group) page.

4. On the User Activity Recording tab, in the Screen Capture Settings section, select the Capture active Window only checkbox.

   

5. On the Privacy Settings tab, move the Enable Sensitive Data Masking toggle to the right to enable this feature:

NOTE: The Sensitive Data Masking feature cannot be enabled unless the "Capture user activity only option" is first enabled (see above).

6. Click the Add button to define new regex policy rules that will be applied to the Client / Client group (or edit an existing rule by clicking on the Edit (

) icon).

   

7. Enter a Name and a Regex value for a rule, and then click the Checkmark (

) icon to check the regex syntax of the rule (where if the syntax of a regex value entered is invalid, a red error message is displayed, and it is not possible to add the rule until a valid value is entered.

NOTE: Multiple rules work in combination with each other using OR logic, so if the system detects the regex value defined in any rule, then the corresponding data is masked by the system.

NOTE: It is recommended to use several simple rules, rather than one complex rule, as in this way, the system consumes fewer resources.

8. After adding all the required rules, click the Finish button (in the bottom right of the page) to save the changes.

    


2. How Does Data Masking Work?


In the Session Player, the clear text data detected that matches the regex value defined in any rule is blurred in the screen captures recorded (in Interval Capture recording mode).

NOTE: Sensitive Data Masking is not currently supported (when recording video) in Full-Motion Capture mode.


In the Metadata displayed (in the Metadata grid on the right in the Session Viewer, as well as in the Details area at the bottom), the clear text data detected that matches the regex value defined in any rule is hidden (i.e. replaced by asterisks) as follows:

keystrokes (i.e. keyboard input):

- [Keystrokes]: **************

clipboard operations (i.e. cut/copy/paste): 

- [Clipboard (Copy)]: **************

- [Clipboard (Paste)]: **************


When the Enable Sensitive Data Masking toggle is enabled and a regex rule is configured (see above), the system starts detecting the clear text data defined in the rule.

Whenever the Syteca Client identifies clear text data matching the regex value on the screen, the data is masked (i.e. blurred or hidden) immediately.

NOTE: In some cases, not only the required data, but the whole screen is blurred in the Session Player (e.g. when the system detects the defined regex value in the active window, but cannot blur the exact location immediately (i.e. not quickly enough) for technical reasons, and is therefore timed out).


3. Applications Supported


The Sensitive Data Masking feature is only currently available for the Windows operating system, and only when using the following applications (on Client computers monitored):

Google Chrome browser

Microsoft Edge browser

Microsoft Outlook (both the new and classic versions)

Microsoft Word

Notepad++


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close