Problem statement
As part of our internal compliance, we need to ship the logs Auth0 generates to Splunk. We’ve seen that these logs might contain Personal Identifiable Information, so we are looking for ways to remove or mask these attributes.
I found this documentation page. However, it doesn’t show which type of event might contain PII.
How to mask or remove attributes with PII when sending them to Splunk?
Solution
It is not possible to purge/obfuscate PII from within tenant logs.
You would need to implement Log Streaming ( https://auth0.com/docs/customize/log-streams ) to a log analytic provider. In your case, this would be Splunk.
It would then be necessary to “scrub” the exported logs once they reach Splunk ( or your other log analytics provider ). It may be possible to do this entirely within Splunk ( or your other log analytics provider ). Otherwise, you would need to purchase a 3rd party SIEM solution to perform this task.