Collection Encryption

• SearchBlox supports the encryption of content and specific meta fields.
• To enable encryption, you need to get a special license from SearchBlox. This license key is available to Platinum Support customers only.
• Please contact [email protected] for the license key.

Content Encryption

• Content Encryption is possible only for All types of collections.
• In content encryption the content field indexed which would have the text information extracted from a webpage or file in HTTP or File Collection respectively will get encrypted.
• Content from PST file also be encrypted with Email Collection
• If you have sensitive information such as credit card information, account details, etc. in a file that needs to be searchable but kept secure, then you can select the encryption option while creating the collection.
• When the content from a document is encrypted, it cannot be viewed by the user within the context of the search results.
• If the user searches for a term available in the encrypted content, the URL or document will come up in the search results.
• It is not possible to view the content even directly within Elasticsearch.
• To encrypt the content:
  • Enable encrypt option while creating a collection
  • Index the collection

Metadata Field Encryption

• Metadata Fields can be encrypted in CSV, Custom and Database Collection.
• If you have any sensitive information, it can be encrypted in an encrypted Custom, CSV and Database Collection.
• To encrypt the field:
  • Enable encrypt option while creating a collection
  • Field names need to start with deid_ as a prefix. For example, if 'ccnumber' is a meta field then it has to be named as deid_ccnumber. This can be done as part of a SQL we create for the Database Collection or as part of the field name we use for the CSV or REST API.
  • Index the collection

Steps to Enable Encryption for Content

1. Upload special encryption license in Admin > License
2. Enable Encryption option while creating a collection

3. Index the collection

4. For HTTP Collection, Filesystem Collection and Email Collection, the content and context will be encrypted. You can view the encrypted content in Elasticsearch.

5. For Custom, CSV, and Database Collection, the meta fields prefixed with deid_ will be encrypted.

5. This encrypted context and meta fields will be visible only to sensitive users in SearchBlox Realm and LDAP Realm has given that secure search is enabled for either one.

Encrypted Meta Field for Custom Collection

• As mentioned earlier it is possible to encrypt metadata fields. These fields should start with deid_ and have to be sent through API updatemetadata or add API requests.
• Please refer to a sample request updatemetadata as shown.
• To learn about updatemetadata API request read: Update Meta Data

{
         "apikey" : "31372006F71D0A874BBE0F02894C7E0A",
         "document" : {
         "colname" : "test",
         "url" : "http://www.searchblox.com",
         "meta":{
           "deid_location":"San Francisco",
           "deid_temp":"23",
           "deid_weather":"sunny
         }
     }
 }

Sensitive Users

In 9.2 while creating users in SearchBlox Realm and LDAP Realm you can enable or disable sensitive data access.

SearchBlox Realm

In SearchBlox realm you can enable sensitive search for a Manager user by selecting sensitive option while creating the user as shown in the screenshot:

LDAP Realm

In LDAP Realm you can enable sensitive search for a user belonging to a group by selecting the role to be sensitive while adding a security group as shown in the screenshot:

👍

Best Practices

• To encrypt the entire content use only HTTP, File Collection and Email Collection.
• To encrypt specific fields use Custom Collection, CSV Collection and Database Collections using prefix deid_ in the field name.
• Only Sensitive users can view the decrypt and view the encrypted content, so please create sensitive users when creating encrypted collections if you need to view the content/meta fields.