Articles on: Scanner Rules Knowledge Bundle

How to customize the Astra Traffic collector

Customizing Traffic Collector Configuration



Sensor can be customized to filter, templatize and redact the traces generated from traffic. These customization are present to give flexibility to the customer to define a rule to choose a trace to be monitored. Similarly, personally identified information in the trace can be redacted before it reaches Astra's server. This way it can be ensured that no sensitive data leaves customers environment. Lets look at configuring each of them in detail.

Custom yaml file: custom_config.yaml needs to be created locally. It can be obtained from https://github.com/getastra/obs-client-collector/blob/main/config_custom.yaml. All the further suggested customization can be done to this file.

Filtering



Filtering can be achieved based on a trace attribute: "url.host". Primarily, filtering can be divided into AllowListing and ExcludeListing.

AllowListing refers to allowing the traces orginated from the specfifc host/pattern.
ExcludeListing refers to excluding the traces matching specific host/pattern.

Steps to perform allow listing and deny listing

Edit the custom_config.yaml as shown below:

processors:
  filter/custom:
      error_mode: ignore
      traces:
        span:
          ## allowing traces based on hostname regex pattern. Following will drop all traces originated from host other than: localhost*
          - IsMatch(attributes["url.host"], "localhost*") == false
          ## excluding traces based on hostname regex pattern. Following will drop all traces originated from host: localhost*
          - IsMatch(attributes["url.host"], "localhost*")


Templatizing



Templatizing is a useful way to templatize the API Path. Although Astra takes care of templatizing integer, UUID, ULID, Timestamp etc, still there is a flexibility for the customers to write their own templates for the pattern that they are aware of.

Steps to perform allow listing and deny listing

Edit the custom_config.yaml as shown below:

processors:
  transform/custom:
    error_mode: ignore
    trace_statements:
      - context: span
        statements:
          ## Templatize url path regex pattern by keyword: "slug". Following will templatize the url Path: /api/v1/chinchikrqwertyuiop/ -> /api/v1/{{slug}}/
          - replace_pattern(attributes["url.template"], "chinchikr*", "{{slug}}")
          ## Redact MasterCard credit card number
          #- replace_all_patterns(attributes, "value", "^5[1-5][0-9]{14}$", "{{card}}")



Redacting



Redacting can be achieved by finding the right regex pattern to be redacted. Redaction ensures that sensitive information are not leaving customers environment

Steps to perform allow listing and deny listing

Edit the custom_config.yaml as shown below:

processors:
  transform/custom:
    error_mode: ignore
    trace_statements:
      - context: span
        statements:
          ## Redact MasterCard credit card number
          - replace_all_patterns(attributes, "value", "^5[1-5][0-9]{14}$", "{{CreditCard}}")

Updated on: 03/10/2024

Was this article helpful?

Share your feedback

Cancel

Thank you!