如何使用DLP扫描BigQuery表以查找敏感数据? [英] How to scan BigQuery table with DLP looking for sensitive data?
本文介绍了如何使用DLP扫描BigQuery表以查找敏感数据?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想使用 DLP 在 BigQuery 中分析我的表.有可能的 ?怎么做 ?
I would like to analyze my tables in BigQuery using DLP. It is possible ? How to do that ?
推荐答案
有可能.您需要定义storage_config才能使用BigQuery.
如果要将结果保存在另一个表中,请在作业配置中添加一个save_findings
操作.如果不采取任何措施,您将只能通过projects.dlpJobs.get
方法访问作业的查找摘要.
It's possible. You need to define your storage_config to use BigQuery.
If you want to save findings in another table, then add a save_findings
action to the job config. Without actions you will only have access to the job's finding summary via the projects.dlpJobs.get
method.
按照python中的示例调用DLP来扫描BigQuery:
client_dlp = dlp_v2.DlpServiceClient.from_service_account_json(JSON_FILE_NAME)
inspect_job_data = {
'storage_config': {
'big_query_options': {
'table_reference': {
'project_id': GCP_PROJECT_ID,
'dataset_id': DATASET_ID,
'table_id': TABLE_ID
},
'rows_limit':10000,
'sample_method':'RANDOM_START',
},
},
'inspect_config': {
'info_types': [
{'name': 'ALL_BASIC'},
],
},
'actions': [
{
'save_findings': {
'output_config':{
'table':{
'project_id': GCP_PROJECT_ID,
'dataset_id': DATASET_ID,
'table_id': '{}_DLP'.format(TABLE_ID)
}
}
},
},
]
}
operation = client_dlp.create_dlp_job(parent=client_dlp.project_path(GCP_PROJECT_ID), inspect_job=inspect_job_data)
还有一个查询以分析结果:
client_bq = bigquery.Client.from_service_account_json(JSON_FILE_NAME)
# Perform a query.
QUERY = (
'WITH result AS ('
'SELECT'
' c1.info_type.name,'
' c1.likelihood,'
' content_locations.record_location.record_key.big_query_key.table_reference as bq,'
' content_locations.record_location.field_id as column '
'FROM '
' `'+ GCP_PROJECT_ID +'.'+ DATASET_ID +'.'+ TABLE_ID +'_DLP` as c1 '
'CROSS JOIN UNNEST(c1.location.content_locations) AS content_locations '
'WHERE c1.likelihood in (\'LIKELY\',\'VERY_LIKELY\'))'
'SELECT r.name as info_type, r.likelihood, r.bq.project_id, r.bq.dataset_id,'
' r.bq.table_id, r.column.name, count(*) as count FROM result r GROUP By 1,2,3,4,5,6 '
'ORDER By COUNT DESC'
)
query_job = client_bq.query(QUERY) # API request
rows = query_job.result()
for row in rows:
print('RULES: {} ({}) | COLUMN: {}.{}.{}:{} | count->{}'.format
(row.info_type, row.likelihood, row.project_id,row.dataset_id,row.table_id,row.name, row.count)
You can find more details here
这篇关于如何使用DLP扫描BigQuery表以查找敏感数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文