Skip to Main Content
Cloud Management and AIOps

This is an IBM Automation portal for Cloud Management and AIOps products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal ( - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal ( - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM. - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Future consideration
Workspace Instana
Categories Tracing
Created by Guest
Created on Oct 13, 2023

Alert when sensitive data has been collected

Because IBM has a large number of customers in the Financial and Healthcare industries it is important to have the ability to alert when potentially sensitive data has been captured. For example: social security numbers, dates of birth, passwords, account numbers, or any combination of data that may be considered PII. Although the agent contains sql parsers which will recognize certain strings as sensitive data and obfuscate – it would be best if an event/alert could be created in the event that this data is collected within a trace.  This could be something that is completely configurable by the customers, for example:


Allow regular expressions within a JavaScript in Event creation, that regular expression could validated against the dataset collected within the traces.  Alert would be generated if conditions of the regular expression were true, example for a social security number:


var ssnRegex = /^(?!666|000|9\d{2})\d{3}-(?!00)\d{2}-(?!0{4})\d{4}$/;

// Check for SSN

ssnRegex.test('000-22-3333'); // Returns false

ssnRegex.test('100-22-3333'); // Returns true

If this returned true, an alert would be sent according to the configuration of said alert. Even though this is approaching the line of Application/Information Security - I firmly believe that the work that Instana does and the work that App/Info Sec does are directly related, Information is collect - we must have visibility and awareness to do our part in preventing InfoSec incident.

Idea priority Medium