- JSON representation
- SaveFindings
- OutputStorageConfig
- OutputSchema
- PublishToPubSub
- PublishSummaryToCscc
- PublishFindingsToCloudDataCatalog
- JobNotificationEmails
- PublishToStackdriver
A task to execute on the completion of a job. See https://cloud.google.com/dlp/docs/concepts-actions to learn more.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field
|
|
saveFindings |
Save resulting findings in a provided location. |
pubSub |
Publish a notification to a pubsub topic. |
publishSummaryToCscc |
Publish summary to Cloud Security Command Center (Alpha). |
publishFindingsToCloudDataCatalog |
Publish findings to Cloud Datahub. |
jobNotificationEmails |
Enable email notification for project owners and editors on job's completion/failure. |
publishToStackdriver |
Enable Stackdriver metric dlp.googleapis.com/findingCount. |
SaveFindings
If set, the detailed findings will be persisted to the specified OutputStorageConfig. Only a single instance of this action can be specified. Compatible with: Inspect, Risk
JSON representation |
---|
{
"outputConfig": {
object ( |
Fields | |
---|---|
outputConfig |
Location to store findings outside of DLP. |
OutputStorageConfig
Cloud repository for storing output.
JSON representation |
---|
{ "outputSchema": enum ( |
Fields | |
---|---|
outputSchema |
Schema used for writing the findings for Inspect jobs. This field is only used for Inspect and must be unspecified for Risk jobs. Columns are derived from the If unspecified, then all available columns will be used for a new table or an (existing) table with no schema, and no changes will be made to an existing table that has a schema. Only for use with external storage. |
table |
Store findings in an existing table or a new table in an existing dataset. If tableId is not set a new one will be generated for you with the following format: dlp_googleapis_yyyy_mm_dd_[dlp_job_id]. Pacific timezone will be used for generating the date details. For Inspect, each column in an existing output table must have the same name, type, and mode of a field in the For Risk, an existing output table should be the output of a previous Risk analysis job run on the same source table, with the same privacy metric and quasi-identifiers. Risk jobs that analyze the same table but compute a different privacy metric, or use different sets of quasi-identifiers, cannot store their results in the same table. |
OutputSchema
Predefined schemas for storing findings. Only for use with external storage.
Enums | |
---|---|
OUTPUT_SCHEMA_UNSPECIFIED |
Unused. |
BASIC_COLUMNS |
Basic schema including only infoType , quote , certainty , and timestamp . |
GCS_COLUMNS |
Schema tailored to findings from scanning Google Cloud Storage. |
DATASTORE_COLUMNS |
Schema tailored to findings from scanning Google Datastore. |
BIG_QUERY_COLUMNS |
Schema tailored to findings from scanning Google BigQuery. |
ALL_COLUMNS |
Schema containing all columns. |
PublishToPubSub
Publish a message into given Pub/Sub topic when DlpJob has completed. The message contains a single field, DlpJobName
, which is equal to the finished job's DlpJob.name
. Compatible with: Inspect, Risk
JSON representation |
---|
{ "topic": string } |
Fields | |
---|---|
topic |
Cloud Pub/Sub topic to send notifications to. The topic must have given publishing access rights to the DLP API service account executing the long running DlpJob sending the notifications. Format is projects/{project}/topics/{topic}. |
PublishSummaryToCscc
Publish the result summary of a DlpJob to the Cloud Security Command Center (CSCC Alpha). This action is only available for projects which are parts of an organization and whitelisted for the alpha Cloud Security Command Center. The action will publish count of finding instances and their info types. The summary of findings will be persisted in CSCC and are governed by CSCC service-specific policy, see https://cloud.google.com/terms/service-terms Only a single instance of this action can be specified. Compatible with: Inspect
PublishFindingsToCloudDataCatalog
Publish findings of a DlpJob to Data Catalog. Labels summarizing the results of the DlpJob will be applied to the entry for the resource scanned in Data Catalog. Any labels previously written by another DlpJob will be deleted. InfoType naming patterns are strictly enforced when using this feature. Note that the findings will be persisted in Data Catalog storage and are governed by Data Catalog service-specific policy, see https://cloud.google.com/terms/service-terms Only a single instance of this action can be specified and only allowed if all resources being scanned are BigQuery tables. Compatible with: Inspect
JobNotificationEmails
Enable email notification to project owners and editors on jobs's completion/failure.
PublishToStackdriver
Enable Stackdriver metric dlp.googleapis.com/findingCount. This will publish a metric to stack driver on each infotype requested and how many findings were found for it. CustomDetectors will be bucketed as 'Custom' under the Stackdriver label 'infoType'.