Modules/Utility/ScubaLoggingRedactions.json
|
{
"version": "1.0.0", "redactionText": "[***REDACTED***]", "patterns": [ { "name": "TenantDomain_Parameter", "pattern": "(-Organization\\s+['\"]?)([a-zA-Z0-9][a-zA-Z0-9-]*\\.onmicrosoft\\.(com|us))(['\"]?)", "enabled": true }, { "name": "TenantDomain_InText", "pattern": "(tenant\\s+)([a-zA-Z0-9][a-zA-Z0-9-]*\\.onmicrosoft\\.(com|us))([ ;,\"'])", "enabled": true }, { "name": "TenantShortName_InDirectory", "pattern": "(directory \\\\u0027)([a-zA-Z0-9][a-zA-Z0-9-]*)(\\\\u0027)", "enabled": true }, { "name": "AppID_Parameter", "pattern": "(-AppId\\s+['\"]?)([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})(['\"]?)", "enabled": true }, { "name": "AppID_AfterApp", "pattern": "(app\\s+)([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})([ ;,\"'])", "enabled": true }, { "name": "CertificateThumbprint", "pattern": "(-CertificateThumbprint\\s+['\"]?)([0-9a-fA-F]{40})(['\"]?)", "enabled": true }, { "name": "LocalUserPath", "pattern": "([C-Z]:\\\\Users\\\\)([^\\\\]+)(\\\\)", "enabled": true }, { "name": "LocalUserPath_JSONEscaped", "pattern": "([C-Z]:\\\\\\\\Users\\\\\\\\)([^\\\\]+)(\\\\\\\\)", "enabled": true }, { "name": "AppID_InQuotes", "pattern": "(identifier\\s+['\"])([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})(['\"])", "enabled": true }, { "name": "AppID_JSONEscapedQuote", "pattern": "(\\\\u0027)([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})(\\\\u0027)", "enabled": true }, { "name": "GUID_Blanket", "pattern": "([ :=,\"'\\(\\{])([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})([ ;,\"'\\)\\}\\n])", "enabled": false, "comment": "Catch-all for any GUID format. Runs last after specific patterns. May redact debugging IDs like correlation/request IDs - disable if troubleshooting." }, { "name": "EmailAddress", "pattern": "\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Z|a-z]{2,}\\b", "enabled": false } ] } |