Data Policies
Create data policies to identify and obfuscate data in Lenses as well as identify applications consuming them.
This page describes how to use Lenses to create data policies to identify and mask data in Lenses as well as identify applications consuming them.
Data policies allow you to define data masking rules that redact data in Lenses based on field names. This applies to Kafka topics, Postgres tables and Elasticsearch indices.
Additionally, for each policy Lenses will identify not only the datasets involved but any application, e.g. SQL Processor or Connectors using this data.
For version below Lenses 6.0 omit the environment selection.
To view data policies go to Environments->[Your Environment]->Workspaces->Policies.
If no policies are listed you can load the default policies that come built into Lenses.
To create a policy, click New Policy. Enter the details.
If you wish to have no masking but use the policies to identify datasets containing certain fields set the Redaction to NONE.
To edit a policy, select the policy and edit from the actions menu.
To delete a policy, select the policy and delete it from the actions menu.
This page describes how to use Lenses to enable auditing to track every action in Lenses.
Lenses audits all user actions. Audit events can be viewed in Lenses and also sent to two channels, Splunk and Webhook.
For version below Lenses 6.0 omit the environment selection.
Audits can also written to a file by setting a file path in the lenses.audit.to.log.file option in lenses.conf. Lenses will then write audit entries to disk as JSON for collection by your log aggregation systems.
Go to Environments->[Your Environment]->Admin->Audits->Logs. Lenses will display the activity including, who performed the action and when. Details can also be viewed (dependent on the action).
To send audit logs to Splunk, you first need a Splunk connection. Go to Environments->[Your Environment]->Admin->Connection->New Connection and select Splunk.
Enter the connection details for your Splunk HTTP Event collector deployment.
Next, go to Environments->[Your Environment]->Admin->Audits->Channels->New Channel and select Splunk. Select a Splunk connection and set a Source.
First, you need a Webhook connection. Go to Environments->[Your Environment]->Admin->Connections->New Connection
Enter the URL, port and credentials.
Create a Channel to use the connection. Go to Environments->[Your Environment]->Admin->Audits->Channels->New Channel and select Webhook.
Choose a name for your Channel instance.
Select your connection.
Set the HTTP method to use.
Set the Request path. A URI-encoded request path, which may include a query string. Supports alert-variable interpolation.
Set the HTTP Headers
Set the Body payload
Lenses can also audit users' access to data and send events to multiple channels at the same time.
This page describes how to use Lenses to enable Kafka Quotas to ensure applications are well-behaved.
For version below Lenses 6.0 omit the environment selection.
To view Kafka ACLs go to Environments->[Your Environment]->Admin->Kafka->Quotas. Lenses will list the Quotas.
To create a quota, click New Quota. Select the type of quota and enter the corresponding details. For example, for, type, CLIENT, set the producer and consumer rates.
To delete a quota, click the trash can for the quota.
This page describes how to use Lenses to apply Kafka ACLs for Kafka Clients.
For version below Lenses 6.0 omit the environment selection.
Kafka ACLs are not linked to Lenses IAM.
To view Kafka ACLs go to Environments->[Your Environment]->Admin->Kafka->ACLS. Lenses will list the ACLs.
To create an ACL, click New ACL.
Click the trash can icon to delete an ACL.
This page describes how to use Lenses Self serivce and governance features for Kafka.
Lenses allows operators and users self-service operations across multiple resources. All actions are audited.
