GDPR and PII (Personally Identifiable Information) Collected
SaaS solution hosted by MCG in Google Compute (GCP) is using AES-256 disk encryption (enforced for data disks and backups)
Customer-managed encryption key (CMEK) or Customer-supplied encryption key (CSEK) can be used, so MCG doesn’t have access to the encryption keys. See default encryption
GDPR/PII data can also be encrypted in UXM/Splunk databases with AES-256 in CBC mode, this option will limit the data searchability to only be searchable with full hostname, username, etc, it can be configured on a field level if encryption should be applied.
Users with decryption permissions can search the encrypted data if they use full hostname, username, etc and can decrypt the data per user/endpoint.
User information
KVStore ux_userinfo_lookup and getIndexConfidentialData source="monitor.endpoint.userinfo"
| Field | Example | Description |
|---|---|---|
| cn | Firstname Lastname | Active Directory (AD) common name field |
| company | Company of user | Active Directory (AD) company field |
| department | Department of user | Active Directory (AD) department field |
| distinguished_name | cn=firstname.lastname,ou=emea,dc=uxmapp,dc=local | Active Directory (AD) Distinguished Name which contains users place in organization unit. |
| division | Division of user | Active Directory (AD) division field |
| firstname.lastname@uxmapp.local | Active Directory (AD) mail field | |
| manager | cn=firstname.lastname,ou=emea,dc=uxmapp,dc=local | Active Directory (AD) distinguished_name name of users manager |
| name | firstname.lastname | Active Directory (AD) name field |
| sam_account_name | firstname.lastname | Active Directory (AD) sam_account_name field |
| title | Title of user | Active Directory (AD) title field |
| user_principal_name | firstname.lastname@uxmapp.local | Windows UPN (user_principal_name) of user. |
| username | firstname.lastname | Windows username of user. |
Endpoint device information
| Field | Example | Description |
|---|---|---|
| hostname | CLIENT-HOSTNAME | Displays the hostname of the endpoint device that the user is working on. |
| public_ip | 156.x.x.x | External (Public) IP Addresses of the endpoint devices seen from the UXM HF Collector |
| internal_ip | 10.x.x.x | Internal IP Addresses of the endpoint devices |
| internal_mac_address | XX:XX:XX:XX | Mac addresses of the endpoint device |
| subnet | 255.255.x.x | Subnet for the IP Addresses of the endpoint devices |
| wifi_bssid | BSSID of the WiFi connected to. | |
| wifi_ssid | SSID of the WiFi connected to. | |
| wifi_mac | MAC of the WiFi connected to. | |
| identifying_number | Serial number of the machine used to lookup warranty information from Dell, Lenovo, HP. | |
| client_device_name | CLIENT-HOSTNAME | (Virtual devices only) Displays the hostname that the user connected to Citrix/RDS from. |
| client_address | 10.x.x.x | (Virtual devices only) Displays the IP address that the user connected to Citrix/RDS from. |