By default, New Relic products report a variety of data used in our UI charts and that is available for querying. Our products will not transmit sensitive information without being explicitly instrumented to do so.
Our products report a set of default events and attributes. We will never send request parameters or any other attributes that are not in the default set, unless someone has explicitly enabled this via configuration.
When evaluating security settings for a New Relic product, review the default events and attributes. The default attributes don't contain sensitive data. In general, it's simply the data needed for effective performance monitoring. Our products don't send other data unless you change the default security settings.
Depending on your requirements, either or both of these situations may apply:
- If the default list contains data you're concerned about, you can disable those attributes from being collected. For how to edit that, see the documentation for the product you're using.
- If you need to send attributes not reported by default, you can enable those attributes to be reported. In that case, do not use high-security mode: this will disable the ability to collect custom attributes.