Masking Sensitive PII data (aka SSN) in ServiceNow Fields
I recently had a customer that wanted to make sure that PII data like SSN and Acct number was masked, or more specifically removed, from the Incident Description field in ServiceNow. I looked at using "Field Normalization > Transformations" rules with regular expressions to mask this, but ran into an issue where only the first occurrence of the pattern was masked when that pattern occurred multiple times in the description field. See the example data below:
Joe 305-44-5678 3456-2345-2342-2345
Jimmy 306-66-3345 2345-2345-1234-1235
Joe 305-44-5678 3456-2345-2342-2345
Jimmy 306-66-3345 2345-2345-1234-1235
Joe 305-44-5678 3456-2345-2342-2345
Jimmy 306-66-3345 2345-2345-1234-1235
I believe this is a bug and will update this entry with my findings, but to solve the customer's problem I created two simple business rules that use the SN Regex API to do the masking for me. Here is the setup:
1. Created a Business Rule for SSN masking. For this rule, they just wanted any SSN that was found to be replaced by ###-##-#### so they knew an SSN was found and removed.
- Name = Mask SSN in Incident Description
- Table = Incident
- When = Before (Insert or Update)
- Click Advanced - Here is the script
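(function executeRule(current, previous /*null when async*/) {
    // Match every SSN-formatted value (NNN-NN-NNNN) in the description
    var rgx = new SNC.Regex('/[0-9]{3}-[0-9]{2}-[0-9]{4}/');
    var result = current.description;
    // replaceAll masks all occurrences, not only the first
    current.description = rgx.replaceAll(result, "###-##-####");
})(current, previous);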
2. Created a Business Rule for Acct # masking. For this rule, they had a requirement where their account numbers all start with 45673 and can then contain any number of digits afterwards. The business rule below removes the account number wherever it finds one and replaces it with "45673...", denoting that an account number was found and removed.
Here is the business rule for that masking:
- Name = Mask Acct Number in Incident Description
- Table = Incident
- When = Before (Insert or Update)
- Click Advanced Checkbox - Here is the script
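(function executeRule(current, previous /*null when async*/) {
    // Match the fixed prefix 45673 followed by any number of digits
    var rgx = new SNC.Regex('/45673[0-9]*/');
    var result = current.description;
    // Replace every account number with the marker "45673..."
    current.description = rgx.replaceAll(result, "45673...");
})(current, previous);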
Once these are activated, I tested on a number of data runs to make sure that if multiple patterns were found of each type they would be handled through all occurrences. Below is an example of data I used to test.
Joe 305-44-5678 3456-2345-2342-2345
Jimmy 306-66-3345 2345-2345-1234-1235
Joe 305-44-5678 3456-2345-2342-2345
Jimmy 306-66-3345 2345-2345-1234-1235
Joe 305-44-5678 3456-2345-2342-2345
Jimmy 306-66-3345 2345-2345-1234-1235
45673234238282 some more test
some test 45673678997 some more text
Here is the output of data when removed:
Joe ###-##-#### 3456-2345-2342-2345
Jimmy ###-##-#### 2345-2345-1234-1235
Joe ###-##-#### 3456-2345-2342-2345
Jimmy ###-##-#### 2345-2345-1234-1235
Joe ###-##-#### 3456-2345-2342-2345
Jimmy ###-##-#### 2345-2345-1234-1235
45673... some more test
some test 45673... some more text
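The masking above as a standalone check, added here as an example (plain JavaScript for Node.js, not code from the original post and not the SNC.Regex API): it applies both patterns to every occurrence and also tests whether a second pass, such as a later update of the same record, leaves the masked text unchanged. The function names and the marker-aware account pattern are assumptions made for this example.

```javascript
// Added example in plain JavaScript (Node.js); it does not call the
// ServiceNow SNC.Regex API, and all function names are assumptions.

// Patterns from the two business rules, with the "g" flag so that
// String.replace() handles every occurrence instead of only the first.
const SSN = /[0-9]{3}-[0-9]{2}-[0-9]{4}/g;
const ACCT = /45673[0-9]*/g;
// Variant (assumption, not from the post): also consumes an existing
// "45673..." marker, so masking the same text twice changes nothing.
const ACCT_RERUN_SAFE = /45673(?:\.\.\.|[0-9]*)/g;

function mask(text, acctPattern) {
  if (text === null || text === undefined) return ''; // empty field
  return String(text)
    .replace(SSN, '###-##-####')
    .replace(acctPattern || ACCT, '45673...');
}

// Values that still look like an SSN or an unmasked account number.
function residual(text) {
  const ssn = text.match(SSN) || [];
  const acct = text.match(/45673[0-9]+/g) || [];
  return ssn.concat(acct);
}

// A rule that runs on insert and on every update sees its own output
// again, so a second pass must leave masked text unchanged.
function isRerunSafe(text, acctPattern) {
  const once = mask(text, acctPattern);
  return mask(once, acctPattern) === once;
}

// Sample input: three lines taken from the post's test data.
const SAMPLE = [
  'Joe 305-44-5678 3456-2345-2342-2345',
  'Jimmy 306-66-3345 2345-2345-1234-1235',
  'some test 45673678997 some more text',
].join('\n');

console.log(mask(SAMPLE));
console.log('residual:', residual(mask(SAMPLE)));
console.log('rerun-safe with [0-9]*:', isRerunSafe(SAMPLE, ACCT));
console.log('rerun-safe with marker variant:', isRerunSafe(SAMPLE, ACCT_RERUN_SAFE));
```

In this JavaScript check, a second pass with the `45673[0-9]*` pattern turns 45673... into 45673......, because the pattern also matches the five-digit prefix on its own.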
Lastly, I wanted to provide links to the documentation and sites that helped me put this together:
1. First is documentation on the SN Regex API: SNC Regex API - ServiceNow Wiki
2. In figuring out the regular expression I always use https://regex101.com/
This was a quick and easy solution, but I didn't see a lot of topics on this subject, so I thought I would share. Feedback and comments on usefulness or better ways to do this are always appreciated.
Enjoy!
https://www.servicenow.com/community/itsm-articles/masking-sensitive-pii-data-aka-ssn-in-servicenow-fields/ta-p/2302829