How to exclude collection of certain parameters by each agent

In order to implement your tool on our client’s environment, we were asked by its security team to provide the configuration options for .NET and Infrastructure agents which are working on Windows OS.
In general, we need to confirm what control options we have when sending data to the New Relic cloud:

1. What data is shared to the New Relic cloud by default?
2. How can we limit sharing of this data? Separately for .NET and Infrastructure agents.
   For instance, we would like the Windows OS parameters (Family, Version, Platform) not to be shared to the cloud. We have encountered the publication (Enable and disable attributes (.NET) | New Relic Documentation) that describes the options to include and exclude attributes; however, it is not working in the expected way. It may be caused by incorrect understanding of the mechanism or incorrect configuration.
3. What are the minimum permissions both agents need to work?
4. How is the data obtained by each agent?

Would you please give us some examples of excluding attributes for both .NET and Infrastructure? Also, the information about the files which should be modified.
Below is the example of the configuration we did for .NET agent which is not working:

Hello @vsoft25,

Thank you for posting your question in our Community! I think I may need some clarification on the kind of data you don’t want to send to New Relic; maybe we can start with what data you do want to send to New Relic.

Infrastructure agent

  • Are you wanting to look at host information?

.NET agent

  • Are you wanting to monitor specific .NET services?
  • Are you looking for transaction data, whether web or non-web?
  • Are you wanting to view .NET performance metrics?

For the enabling and disabling of attributes configuration you mentioned, that refers to attributes of an event or transaction. Per our doc on Agent attributes:

Attributes are key-value pairs containing information that determines the properties of an event or transaction

It will not work for the use case you are describing. We do have a sendEnvironmentInfo config option that may work for you. If you set this to false, the agent will not record execution environment information, including the operating system, agent version, and which assemblies are available.

We also offer high security mode if this fits your use case; please read the doc for more info on that setting.

For the .NET agent, it will require modify permissions on the Logs folder in order to operate, as it needs to be able to write logs to monitor processes. TLS is also required on all domains.

Additionally, you can also set up your environment in a way so that the .NET agent will only monitor processes you want to be monitored, by using global and app-local newrelic.configs to disable and enable the agent, as one example.

Best,
Reese Lee
Technical Support Engineer
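
One way to verify on a host that the settings named in the reply above are actually in effect, as an added example that is not part of the original thread and not New Relic's own code. It assumes the .NET agent's `newrelic.config` layout (namespace `urn:newrelic-config`, `agentEnabled` on the root element, `sendEnvironmentInfo` on `<service>`, `<highSecurity enabled="...">`); the function names, the defaults used for missing attributes and the sample file are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"nr": "urn:newrelic-config"}  # assumed namespace of newrelic.config

# Constructed sample config; the license key is a placeholder.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<configuration xmlns="urn:newrelic-config" agentEnabled="true">
  <service licenseKey="REPLACE_WITH_LICENSE_KEY" sendEnvironmentInfo="false" />
  <highSecurity enabled="true" />
</configuration>
"""


def _flag(element, attr, default):
    """Read a boolean XML attribute; a missing element or attribute
    falls back to the assumed agent default."""
    if element is None or element.get(attr) is None:
        return default
    return element.get(attr).strip().lower() == "true"


def audit_config(xml_text):
    """Return the data-sharing settings found in a newrelic.config."""
    root = ET.fromstring(xml_text)
    return {
        "agent_enabled": _flag(root, "agentEnabled", True),
        "send_environment_info": _flag(
            root.find("nr:service", NS), "sendEnvironmentInfo", True),
        "high_security": _flag(
            root.find("nr:highSecurity", NS), "enabled", False),
    }


def findings(settings):
    """List settings that still share more than the reply's options allow."""
    if not settings["agent_enabled"]:
        return []  # agent disabled in this config: nothing is sent by it
    issues = []
    if settings["send_environment_info"]:
        issues.append("sendEnvironmentInfo is not false: operating system, "
                      "agent version and assemblies are recorded")
    if not settings["high_security"]:
        issues.append("highSecurity is not enabled")
    return issues


if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG), findings(SAMPLE_CONFIG and audit_config(SAMPLE_CONFIG)))
```

Run it against both the global and any app-local `newrelic.config`, since either file can enable or disable the agent for a given process.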

Infrastructure agent

  • Are you wanting to look at host information?
    • Yes, I want to know what the performance and health of a given host is. I do not want to send information about the operating system (for example InfrastructureEvent/NetworkSample/StorageSample/SystemSample/etc. and fields: Operating system, Windows family, Windows platform, Windows version).

.NET agent

  • Are you wanting to monitor specific .NET services?
    • Yes, some .NET Windows services, some Web apps (ASP.NET MVC for now and later ASP.NET Core).
  • Are you looking for transaction data, whether web or non-web?
    • Yes for both.
  • Are you wanting to view .NET performance metrics?
    • Yes, all available .NET performance metrics.

Has anyone forgotten about us?

Hi, @vsoft25: You may configure drop data rules to omit specific attributes from each event: Drop data using NerdGraph | New Relic Documentation.