Enable Enhanced 'Redaction Settings'

Feature Overview
The Enhanced 'Redaction Settings' feature allows administrators to define custom search and replace regex patterns to redact sensitive data from inbound and outbound email content, as well as API channel ticket content. This feature offers powerful flexibility but must be used with extreme caution—once data is redacted, it cannot be recovered, and misconfigured rules can have serious consequences.


How to Enable Enhanced Redaction Settings

  1. Navigate to Settings → General → Account Settings.
  2. Enable the 'Redact Sensitive Data' toggle.
    • This is the standard feature that redacts credit card information in inbound and outbound messages across API and email channels.
  3. Once 'Redact Sensitive Data' is enabled, a new toggle for 'Enhanced Redaction Settings' will appear under the Feature Enhancements (Beta) section.
  4. Enable the 'Enhanced Redaction Settings' toggle.
  5. Save your changes.

Accessing the Redaction Settings Page

Once the feature is enabled:

  1. Navigate to Settings → General → Redaction Settings.
    (Refer to the screenshot below for guidance.)

  2. On this page, you can define, manage, and prioritise your custom redaction rules.

Defining Redaction Rules

  • Add Multiple Rules: Create as many rules as needed. Rules are processed sequentially from top to bottom in priority order. Use drag-and-drop functionality to rearrange the order of rules.
  • Components of a Rule:
    • Search Patterns: Define patterns to detect sensitive data in the content (using regex).
    • Replace Pattern: Define how you want the matched data to be masked or replaced.


Regex Example: Credit Card Redaction

Example Rule

  • Search Pattern:

    (?-mix:((5[1-5]\d{2}[ -]?\d{2}|6771[ -]?89|222[1-9][ -]?\d{2}|22[3-9]\d[ -]?\d{2}|2[3-6]\d{2}[ -]?\d{2}|27[01]\d[ -]?\d{2}|2720[ -]?\d{2})\d{2}[ -]?\d{4}[ -]?\d{4}))

    This regex identifies a range of credit card numbers, such as Mastercard and other card formats:

    • 5[1-5] matches cards starting with 51-55.
    • 6771 89 and other patterns capture additional valid formats.
    • It handles optional separators like spaces ([ -]?).
  • Replace Pattern:

    (?<=\d{6})\d(?=\d{4})

    This masks the digits in the middle of the card number while retaining the first six and last four digits:

    • (?<=\d{6}) looks for six digits before the matched segment.
    • \d targets the digits to redact.
    • (?=\d{4}) ensures four digits are left intact at the end.

Example Input and Output

  • Original Input: 5454545454545454
  • Redacted Output: 545454######5454

Important Notes

  1. Responsibility for Redaction Rules:
    Enabling Enhanced Redaction Settings replaces the standard credit card redaction logic, meaning you must define your own rules for all sensitive data types. Ensure your configurations are thoroughly tested before applying them in production.
  2. Irreversible Data Redaction:
    Once redacted, the data is permanently masked and cannot be recovered. Misconfigurations may lead to unintended redaction of critical information.
  3. Security and Compliance:
    Redacted content is saved in its redacted state in the database, ensuring sensitive data is never stored in an unmasked format.

Published

Last updated

0
0