Alert when sensitive data has been collected

Because IBM has a large number of customers in the Financial and Healthcare industries it is important to have the ability to alert when potentially sensitive data has been captured. For example: social security numbers, dates of birth, passwords, account numbers, or any combination of data that may be considered PII. Although the agent contains sql parsers which will recognize certain strings as sensitive data and obfuscate – it would be best if an event/alert could be created in the event that this data is collected within a trace.  This could be something that is completely configurable by the customers, for example:

Allow regular expressions within a JavaScript in Event creation, that regular expression could validated against the dataset collected within the traces.  Alert would be generated if conditions of the regular expression were true, example for a social security number:

var ssnRegex = /^(?!666|000|9\d{2})\d{3}-(?!00)\d{2}-(?!0{4})\d{4}$/;

// Check for SSN

ssnRegex.test('000-22-3333'); // Returns false

ssnRegex.test('100-22-3333'); // Returns true

If this returned true, an alert would be sent according to the configuration of said alert. Even though this is approaching the line of Application/Information Security - I firmly believe that the work that Instana does and the work that App/Info Sec does are directly related, Information is collect - we must have visibility and awareness to do our part in preventing InfoSec incident.