如何使用DLP扫描BigQuery表以查找敏感数据? [英] How to scan BigQuery table with DLP looking for sensitive data?

查看:188
本文介绍了如何使用DLP扫描BigQuery表以查找敏感数据?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想使用 DLP BigQuery 中分析我的表.有可能的 ?怎么做 ?

I would like to analyze my tables in BigQuery using DLP. It is possible ? How to do that ?

推荐答案

有可能.您需要定义storage_config才能使用BigQuery. 如果要将结果保存在另一个表中,请在作业配置中添加一个save_findings操作.如果不采取任何措施,您将只能通过projects.dlpJobs.get方法访问作业的查找摘要.

It's possible. You need to define your storage_config to use BigQuery. If you want to save findings in another table, then add a save_findings action to the job config. Without actions you will only have access to the job's finding summary via the projects.dlpJobs.get method.

按照python中的示例调用DLP来扫描BigQuery: 

client_dlp = dlp_v2.DlpServiceClient.from_service_account_json(JSON_FILE_NAME)

inspect_job_data = {
    'storage_config': {
        'big_query_options': {
            'table_reference': {
                'project_id': GCP_PROJECT_ID,
                'dataset_id': DATASET_ID,
                'table_id': TABLE_ID
            },
            'rows_limit':10000,
            'sample_method':'RANDOM_START',
        },
    },
    'inspect_config': {
        'info_types': [
            {'name': 'ALL_BASIC'},
        ],
    },
    'actions': [
        {
            'save_findings': {
                'output_config':{
                    'table':{
                        'project_id': GCP_PROJECT_ID,
                        'dataset_id': DATASET_ID,
                        'table_id': '{}_DLP'.format(TABLE_ID)
                    }
                }

            },
        },
    ]
}
operation = client_dlp.create_dlp_job(parent=client_dlp.project_path(GCP_PROJECT_ID), inspect_job=inspect_job_data)

还有一个查询以分析结果: 

client_bq = bigquery.Client.from_service_account_json(JSON_FILE_NAME)
# Perform a query.
QUERY = (
    'WITH result AS ('
    'SELECT'
    ' c1.info_type.name,'
    ' c1.likelihood,'
    ' content_locations.record_location.record_key.big_query_key.table_reference as bq,'
    ' content_locations.record_location.field_id as column '
    'FROM '
    ' `'+ GCP_PROJECT_ID +'.'+  DATASET_ID +'.'+  TABLE_ID  +'_DLP` as c1 '
    'CROSS JOIN UNNEST(c1.location.content_locations) AS content_locations '
    'WHERE c1.likelihood in (\'LIKELY\',\'VERY_LIKELY\'))'
    'SELECT r.name as info_type, r.likelihood, r.bq.project_id, r.bq.dataset_id,'
    ' r.bq.table_id, r.column.name, count(*) as count  FROM result r GROUP By 1,2,3,4,5,6 '
    'ORDER By COUNT DESC'
)
query_job = client_bq.query(QUERY)  # API request
rows = query_job.result() 
for row in rows:
    print('RULES: {} ({}) | COLUMN: {}.{}.{}:{} | count->{}'.format
          (row.info_type, row.likelihood, row.project_id,row.dataset_id,row.table_id,row.name, row.count)

您可以找到更多详细信息

You can find more details here

这篇关于如何使用DLP扫描BigQuery表以查找敏感数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆