What Data is Collected by the Scout APM Agent?
When you install our APM agent into your application, we instrument your code in order to gather timing and other data. The data collected for all transactions includes:
- Numeric metrics (timing, object allocations, memory)
- Controller (in MVC terms) name and invoked controller function name
- Background job name and invoked function name
- SQL table and operation (e.g. Users#select)
In addition to collecting general data for every transaction, Scout uses an algorithm to pick out the most interesting transactions. These detailed transactions gather more information about the specifics of the transaction including:
- URL path
- URL parameters
- SQL query strings (scrubbed and sanitized before being sent to Scout)
- Outgoing HTTP request URLs (of instrumented HTTP libraries)
- End user IP (the IP of a user making a request to your web server)
- File name and line number of slow functions (used to display a backtrace)
Some of this information can be disabled for detailed transactions. Refer to the configuration section for your language at https://scoutapm.com/docs
In Ruby, you can set log_level = debug to inspect the entire payload sent by our agent.
Our agent can be installed safely in HIPAA compliant environments. To ensure user data is properly de-identified:
- Disable sending HTTP query parameters if these contain sensitive data via the
- Do not add custom context (like reporting the current user in the session).
Email firstname.lastname@example.org with any questions regarding the installation of Scout in HIPAA compliant environments.
While our monitoring agents are primarily metric-focused, they can be configured to send personal data if the customer wishes.
Scout’s payment and card information is handled by Stripe, which has been audited by an independent PCI Qualified Security Assessor and is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry.
Scout does not typically receive credit card data, making it compliant with Payment Card Industry Data Security Standards (PCI DSS) in most situations.