Realm Privacy Guard
Realm Privacy Guard is a module within the Realm Platform designed to simplify governance and the management of sensitive data within a SOC's logging data strategy.
In modern distributed architectures, where the volume of ingested data often outpaces manual privacy management, Privacy Guard acts as an intelligent proxy within the Realm Security Data Pipeline. By leveraging the Realm AI engine, it proactively discovers and redacts sensitive information, such as PII, PHI, and PCI data, based on global regulatory frameworks (HIPAA, CCPA, GDPR, and PCI-DSS). This ensures organizations can build and maintain compliant data lakes and SIEMs by securing data in transit without sacrificing the operational utility of security logs.
Outcomes
- AI-Powered Sensitive Data Discovery & Redaction: The Realm AI engine proactively drives the discovery of sensitive data by mapping log fields to global regulatory frameworks. By utilizing Realm's built-in recommendations and transforms engine, the platform simplifies the creation of redaction rules, suggesting optimal strategies tailored to your specific log sources to ensure compliance with the latest standards without manual oversight.
- SIEM-Safe Redaction: Our SIEM-safe redaction technology ensures that sensitive fields are obfuscated or masked without altering the structural integrity or schema of the log data. This allows your SIEM parsers, correlation rules, and threat detection logic to continue functioning perfectly, maintaining full security visibility while ensuring rigorous data privacy.
Key Features
Realm Privacy Guard is managed via a single unified interface located within the Transforms tab on the Destination page.
- Unified Configuration: Centralize your redaction strategy and manage all field-level rules directly within your destination pipeline.
- Field Value Replacement: Replaces identified sensitive field values with the constant string [REALM REDACTED]. This process prevents raw PII from persisting in standard downstream indices, but allows users to understand that the data was redacted within Realm.
- Intelligent Recommendations: Access source-specific recommendations for redactions based on sensitive data patterns in your input feeds.
- Event Capture: Users can verify their rules by viewing an event capture of matching logging events that will have redactions.
Getting Started: Creating a Redaction Rule
This guide outlines the streamlined workflow for creating a Redaction Rule, demonstrated through the redaction of access_credentials and usernames from a security product log.
- Access Configuration: Navigate to the Destination page and select the Redact tab within the Transforms page to view environment-specific recommendations.
- Add Rule: Select the target data source (e.g., Okta, Zscaler) and click the Add + button to initialize a new Redaction Rule.
- Rule Details: Provide a descriptive name and an optional description to document the compliance purpose of the rule for audit trails.
- Define Scope: Set event-level scope (e.g., event.type == "login") to focus redaction on high-risk log events.
- Specify Fields: Choose specific fields for redaction manually or accept Realm's auto-discovery recommendations.
- Verify & Preview: Run an Event Capture to confirm that targeted data is replaced with [REALM REDACTED] while maintaining the valid structure.
- Deploy: Once verified, promote the rule to production to begin real-time data redaction.
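One way to script the Verify & Preview check on an exported capture, as an added example that is not Realm's code or API. The helper names, dotted field paths and scope predicate are assumptions; only the [REALM REDACTED] constant and the sample log come from this page.

```python
import copy
import json

REDACTED = "[REALM REDACTED]"  # constant string named on this page

def _parent(event, path):
    """Return (dict holding the leaf, leaf key); the dict is None if the path is absent."""
    *parents, leaf = path.split(".")
    node = event
    for key in parents:
        node = node.get(key) if isinstance(node, dict) else None
    return (node if isinstance(node, dict) and leaf in node else None), leaf

def redact(event, fields, scope=lambda e: True):
    """Return a redacted copy; out-of-scope events and absent fields are untouched."""
    out = copy.deepcopy(event)
    if scope(event):
        for path in fields:
            node, leaf = _parent(out, path)
            if node is not None:
                node[leaf] = REDACTED
    return out

def shape(value):
    """Key structure of an event with every leaf reduced to its type name."""
    if isinstance(value, dict):
        return {k: shape(v) for k, v in value.items()}
    if isinstance(value, list):
        return [shape(v) for v in value]
    return type(value).__name__

def verify(original, redacted, fields):
    """Report schema drift, unredacted targets, and raw values surviving elsewhere."""
    problems = []
    if shape(original) != shape(redacted):
        problems.append("schema changed")  # e.g. a numeric field became a string
    dumped = json.dumps(redacted, ensure_ascii=False)
    for path in fields:
        node, leaf = _parent(original, path)
        if node is None:
            continue
        raw, (rnode, _) = node[leaf], _parent(redacted, path)
        if rnode is None or rnode[leaf] != REDACTED:
            problems.append(f"{path}: not redacted")
        elif isinstance(raw, str) and raw not in ("", REDACTED) and raw in dumped:
            problems.append(f"{path}: raw value still present in another field")
    return problems

# Constructed capture: this page's sample log; rule fields and scope are hypothetical.
CAPTURED = {"timestamp": "2026-01-14T16:41:00Z", "event_type": "login_attempt",
            "auth_event": {"credentials": "token_a1b2c3d4e5f6", "method": "API_KEY"},
            "user_metadata": {"name": "john_doe", "source_ip": "192.168.1.100"}}
FIELDS = ["auth_event.credentials", "user_metadata.name"]
in_scope = lambda e: e.get("event_type") == "login_attempt"
```

An empty list from verify(CAPTURED, redact(CAPTURED, FIELDS, in_scope), FIELDS) means the capture kept its schema and no targeted value survives anywhere in the event, including free-text fields that may echo a credential.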
Data Transformation Example
Original Log Example:
{
  "timestamp": "2026-01-14T16:41:00Z",
  "event_type": "login_attempt",
  "auth_event": {
    "credentials": "token_a1b2c3d4e5f6",
    "method": "API_KEY"
  },
  "user_metadata": {
    "name": "john_doe",
    "source_ip": "192.168.1.100"
  }
}
Redacted Log Example:
{
  "timestamp": "2026-01-14T16:41:00Z",
  "event_type": "login_attempt",
  "auth_event": {
    "credentials": "[REALM REDACTED]",
    "method": "API_KEY"
  },
  "user_metadata": {
    "name": "[REALM REDACTED]",
    "source_ip": "192.168.1.100"
  }
}
Forensic Investigations
While standard pipelines redact data for general use, forensic investigations may require access to original unredacted values. Realm’s pipeline can be enhanced with Data Haven to provide a secure retrieval path from an encrypted archive.
Authorized investigators can retrieve unredacted data from Data Haven and route it to high-sensitivity, restricted indices or tables within the SIEM. This ensures the broader team only interacts with sanitized data while maintaining full investigative capabilities for a subset of privileged users. See more about Data Haven here.
Realm Privacy Guard is a subscription feature available through Realm. Please contact your sales representative for detailed information regarding licensing, retention options, and subscription tiers.


