SearchBlox

SearchBlox Developer Documentation

Welcome to the SearchBlox developer documentation. Here you will find comprehensive technical documentation to help you start working with SearchBlox as quickly as possible, as well as support if you get stuck. Let's jump right in!

Guides

Collection Encryption

  • SearchBlox 9.2 supports the encryption of content and specific meta fields.
  • To enable encryption, you need to get a special license from SearchBlox. This license key is available to Platinum Support customers only.
    Please contact [email protected] for license key.

Content Encryption

  • Content Encryption is possible only for HTTP and Filesystem collection.
  • In content encryption the content field indexed which would have the text information extracted from a webpage or file in HTTP or File Collection respectively will get encrypted.
  • If you have sensitive information such as credit card information, account details, etc. in a file that needs to be searchable but kept secure, then you can select the encryption option while creating the collection.
  • When the content from a document is encrypted, it cannot be viewed by the user within the context of the search results.
  • If the user searches for a term available in the encrypted content, the url or document will come up in the search results.
  • It is not possible to view the content even directly within Elasticsearch.
  • To encrypt the content:
    • Enable encrypt option while creating a collection
    • Index the collection

Metadata Field Encryption

  • Metadata Fields can be encrypted in Custom, CSV, and Database Collection.
  • If you have any sensitive information, they can be encrypted in an encrypted Custom, CSV, or Database Collection.
  • To encrypt the field:
    • Enable encrypt option while creating a collection
    • Field names need to start with deid_ as prefix. For example, if ccnumber is a meta field then it has to be named as deid_ccnumber . This can be done as part of a SQL we create for the Database Collection or as part of the field name we use for the CSV or REST API.
    • Index the collection

deid field in REST API request for Custom Collection

deid field in table for Database Collection

Steps to Enable Encryption for Content

  1. Upload special encryption license in Admin -> License
  2. Enable Encryption option while creating a collection
  1. Index the collection
  1. For HTTP Collection and Filesystem Collection, the content and context will be encrypted. You can view the encrypted content in elasticsearch.
  1. For Custom, CSV, and Database Collection, the meta fields prefixed with deid_ will be encrypted.
  1. This encrypted context and meta fields will be visible only to sensitive users in SearchBlox Realm and LDAP Realm has given that secure search is enabled for either one.

Encrypted Meta Field for Custom Collection

  • As mentioned earlier it is possible to encrypt metadata fields. These fields should start with deid and have to be sent through API updatemetadata or add API requests.
  • Please refer to a sample request updatemetadata as shown.
  • To learn about updatemetadata API request read: Update Meta Data
{
         "apikey" : "31372006F71D0A874BBE0F02894C7E0A",
         "document" : {
         "colname" : "test",
         "url" : "http://www.searchblox.com",
         "meta":{
           "deid_location":"San Francisco",
           "deid_temp":"23",
           "deid_weather":"sunny
         }
     }
 }

Sensitive Users

In 9.2 while creating users in SearchBlox Realm and LDAP Realm you can enable or disable sensitive data access.

SearchBlox Realm

In SearchBlox realm you can enable sensitive search for a Manager user by selecting sensitive option while creating the user as shown in the screenshot:

LDAP Realm

In LDAP Realm you can enable sensitive search for a user belonging to a group by selecting the role to be sensitive while adding a security group as shown in the screenshot:

👍

Best Practices

  • To encrypt the entire content use only HTTP and File Collection.
  • To encrypt specific fields use Custom Collection and prefix deid_ in the field name.
  • Only Sensitive users can view the decrypt and view the encrypted content, so please create sensitive users when creating encrypted collections if you need to view the content/meta fields.

Updated 6 months ago



Collection Encryption


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.