This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PCI question

Hi all,

Here's a shot in the dark....

Would it be possible to configure the rules such that on detection of a sequence of characters, or rather a pattern, or patterns of characters that matched say ... a credit card number, for the system to record the source IP / date / time etc of the request?

This way, I could place the ASG between my legacy financial systems and log the accesses to CC data.

I guess this is a bit of a distraction from IDS/IPS rules, but it may help my requirements.

Thanks

This thread was automatically locked due to age.

Parents

0 jjohnston62 over 18 years ago

Hmmmm.... well, my first reaction would be that I hope not, both for your sake and the system. Rules are probably examining for specific header information - what you're looking for is in the data, and if it's credit card stuff, should be encrypted anyway and therefore not readable.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jjohnston62 over 18 years ago

Hmmmm.... well, my first reaction would be that I hope not, both for your sake and the system. Rules are probably examining for specific header information - what you're looking for is in the data, and if it's credit card stuff, should be encrypted anyway and therefore not readable.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data