Google Cloud DLP - Tag Sensitive Items
The material in this document is for informational purposes only. Rampiva makes no representations or warranties with respect to this document or with respect to the workflow described herein. Rampiva shall not be liable for any damages, losses, costs or expenses, direct, indirect or incidental, consequential or special, arising out of, or related to the use of this material or the products described herein.
Description
This workflow exports the text of all audited items in the Nuix case and runs it through the Google Cloud DLP module. It then tags sensitive items with the "Sensitive" tag and a subtag corresponding to the sensitive information category detected.
Prerequisites
Google Cloud project. See https://cloud.google.com/resource-manager/docs/creating-managing-projects
Cloud Resource Manager API enabled in the Google Cloud project. See https://console.developers.google.com/apis/api/cloudresourcemanager.googleapis.com/overview
Google Cloud service account credentials key file. See https://cloud.google.com/iam/docs/creating-managing-service-account-keys#creating
Google Cloud CLI installed. See https://cloud.google.com/sdk/gcloud#download_and_install_the
Google Cloud alpha component installed. To install, run "gcloud components install alpha" as an administrator. See
Google Cloud bq component installed. To install, run "gcloud components install bq" as an administrator. See
Cloud Data Loss Prevention (DLP) enabled in the Google Cloud console. See
Parameters
Parameter | Description |
---|---|
{nuix_case_location} | The Nuix case to run the DLP on |
{nuix_scope} | The query to select the Nuix items in scope |
{service_account_credentials_file} | See |
{cloud_project_id} | See |
{dlp_info_types} | See |
Usage
Run against a Nuix case with existing data. The items in scope will be tagged according to the Google DLP detected sensitivity.
Operations
Operation | Notes | ||
---|---|---|---|
1 | Configure Parameters | | |
2 | PowerShell | Verify that gcloud is installed, install the alpha component if needed, and configure the gcloud account and project using the service account | |
3 | PowerShell | Enable Project APIs | |
4 | PowerShell | Verify that API access is enabled | |
5 | Script | Trigger errors if gcloud is not installed or gcloud alpha component is not installed or gcloud is not authorized or gcloud does not have a project assigned | |
6 | PowerShell | Create bucket to upload text files to | |
7 | Script | Verify that the bucket was created and verify project exists / service account has access | |
8 | PowerShell | Create BigQuery dataset to upload results from DLP inspections | |
9 | Use Case | Open the Nuix case | |
10 | Script | Write Production Profile | |
11 | Add Items to Production Set | Adds the items in scope to a temporary production set | |
12 | Legal Export | Exports text files | |
13 | Delete Production Set | Delete the temporary production set | |
14 | PowerShell | Upload text files to the bucket | |
15 | PowerShell | Create DLP inspection job | |
16 | PowerShell | Verify that the job was created | |
17 | PowerShell | Wait until DLP job finishes | |
18 | PowerShell | Query the results of the DLP job and save results to parameter | |
19 | Script | Tag sensitive items | |
20 | PowerShell | Clean-up Google Cloud artifacts and text files |
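
Operations 18 and 19 turn the DLP findings into tags. The following Python is an added example, not the workflow's own script: it reduces findings rows to one set of "Sensitive" subtags per item, dropping unrequested info types and low-likelihood matches. It assumes flattened rows with `container_name`, `info_type` and `likelihood` fields, text files named `<item id>.txt`, "|" as the tag/subtag separator and a configurable likelihood floor; the sample rows are constructed.

```python
# Added illustration; not the workflow's own script. Row shape, file naming,
# tag separator and likelihood floor are assumptions; sample data is constructed.
import posixpath
from collections import defaultdict

# Cloud DLP likelihood levels, lowest to highest.
LIKELIHOOD = ["VERY_UNLIKELY", "UNLIKELY", "POSSIBLE", "LIKELY", "VERY_LIKELY"]


def item_id_from_uri(uri):
    """Recover the item id from a bucket object URI (assumes <item id>.txt)."""
    stem, ext = posixpath.splitext(posixpath.basename(uri))
    if ext.lower() != ".txt" or not stem:
        # Fail loudly: a silently skipped finding leaves a sensitive item untagged.
        raise ValueError("unexpected object name: %r" % uri)
    return stem


def tags_per_item(rows, requested_info_types, min_likelihood="POSSIBLE"):
    """Map item id -> sorted tag paths of the form Sensitive|<INFO_TYPE>."""
    floor = LIKELIHOOD.index(min_likelihood)
    allowed = set(requested_info_types)
    tags = defaultdict(set)  # a set per item removes repeated findings
    for row in rows:
        info_type = row.get("info_type")
        likelihood = row.get("likelihood")
        # Ignore info types that were not requested and unknown likelihoods.
        if info_type not in allowed or likelihood not in LIKELIHOOD:
            continue
        if LIKELIHOOD.index(likelihood) < floor:
            continue
        item = item_id_from_uri(row.get("container_name", ""))
        tags[item].add("Sensitive|" + info_type)
    return {item: sorted(paths) for item, paths in tags.items()}


_BUCKET = "gs://example-bucket/text/"  # constructed bucket name
SAMPLE_ROWS = [
    {"container_name": _BUCKET + name, "info_type": kind, "likelihood": level}
    for name, kind, level in [
        ("item-0001.txt", "EMAIL_ADDRESS", "VERY_LIKELY"),
        ("item-0001.txt", "EMAIL_ADDRESS", "LIKELY"),          # repeat finding
        ("item-0001.txt", "CREDIT_CARD_NUMBER", "POSSIBLE"),
        ("item-0002.txt", "PHONE_NUMBER", "LIKELY"),           # not requested
        ("item-0003.txt", "CREDIT_CARD_NUMBER", "UNLIKELY"),   # below the floor
        ("item-0002.txt", "EMAIL_ADDRESS", "LIKELY"),
    ]
]

if __name__ == "__main__":
    print(tags_per_item(SAMPLE_ROWS, ["EMAIL_ADDRESS", "CREDIT_CARD_NUMBER"]))
```

Raising the floor to "LIKELY" trades fewer false-positive tags for a higher chance of leaving a sensitive item untagged, so the choice should be recorded alongside the case.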