Cloud Data Loss Prevention (Cloud DLP) is now a part of Sensitive Data Protection. The API name remains the same: Cloud Data Loss Prevention API (DLP API). For information about the services that make up Sensitive Data Protection, see Sensitive Data Protection overview.

Customizing match likelihood

Using hotword rules, you can further extend built-in and custom infoType detectors with powerful context rules. A hotword rule instructs Sensitive Data Protection to adjust the likelihood of a finding, depending on whether a hotword occurs near that finding. A hotword rule is a kind of inspection rule, which is specified in rule sets. Each rule is applied to a set of built-in or custom infoTypes.

Anatomy of a hotword rule

An infoType detector can have zero or more hotword rules. In your inspection configuration, you define each HotwordRule object inside the rules array, as follows:

"rules":[
{
"hotwordRule":{
"hotwordRegex":{
"pattern":"REGEX_PATTERN"
},
"proximity":{
"windowAfter":"NUM_CHARS_TO_CONSIDER_AFTER_FINDING",
"windowBefore":"NUM_CHARS_TO_CONSIDER_BEFORE_FINDING"
}
"likelihoodAdjustment":{
"fixedLikelihood":"LIKELIHOOD_VALUE"
--OR--
"relativeLikelihood":"LIKELIHOOD_ADJUSTMENT"
},
}
},
...
]

Replace the following:

  • REGEX_PATTERN: a regular expression (Regex object) that defines what qualifies as a hotword.
  • NUM_CHARS_TO_CONSIDER_AFTER_FINDING: a range of characters after the finding. Sensitive Data Protection analyzes this range to determine whether a hotword occurs near the finding.

  • NUM_CHARS_TO_CONSIDER_BEFORE_FINDING: a range of characters before the finding. Sensitive Data Protection analyzes this range to determine whether a hotword occurs near the finding.

  • LIKELIHOOD_VALUE: a fixed Likelihood level to set the finding to.

  • LIKELIHOOD_ADJUSTMENT: a number that indicates how much Sensitive Data Protection must increase or decrease the likelihood of the finding. A positive integer increases the likelihood level, and a negative integer decreases it. For example, if a finding would be POSSIBLE without the detection rule and relativeLikelihood is 1, then the finding is upgraded to LIKELY. If relativeLikelihood is -1, then the finding is downgraded to UNLIKELY. Likelihood can never drop lower than VERY_UNLIKELY or exceed VERY_LIKELY. In these cases, the likelihood level remains the same. For example, if the base likelihood is VERY_LIKELY and the relativeLikelihood is 1, the final likelihood remains to be VERY_LIKELY.

Hotword example: Match medical record numbers

Suppose you want to detect a custom infoType such as a medical record number (MRN) in the form "###-#-#####". Also, you want Sensitive Data Protection to increase the match likelihood of each finding that follows the hotword "MRN".

Example values:

  • 123-4-56789 would match as POSSIBLE.
  • MRN 123-4-56789 would match as VERY_LIKELY.

The following JSON example and code snippets show you how to configure the hotword rule. This example uses a custom regular expression detector.

In this example, note the following:

  • The request defines the C_MRN custom infoType, which is a detector for any string that matches the regular expression [0-9]{3}-[0-9]{1}-[0-9]{5}.
  • The regular expression (?i)(mrn|medical)(?-i) defines the hotword. Sensitive Data Protection searches for this hotword within the range of characters defined in the proximity field.
  • For each C_MRN finding that has a hotword within the set proximity, Sensitive Data Protection sets the likelihood level to VERY_LIKELY.

C#

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 


usingSystem;
usingGoogle.Api.Gax.ResourceNames ;
usingGoogle.Cloud.Dlp.V2 ;
usingstaticGoogle.Cloud.Dlp.V2.CustomInfoType.Types;
publicclassInspectDataWithHotwordRule
{
publicstaticInspectContentResponseInspectDataHotwordRule(
stringprojectId,
stringtext,
stringcustomRegex,
stringhotwordRegex,
InfoType infoType=null)
{
// Instantiate dlp client.
vardlp=DlpServiceClient .Create ();
// Construct the content item.
varcontentItem=newContentItem
{
ByteItem=newByteContentItem
{
Type=ByteContentItem .Types .BytesType .TextUtf8 ,
Data=Google.Protobuf.ByteString.CopyFromUtf8(text)
}
};
// Construct the info type if null.
varinfotype=infoType??newInfoType {Name="C_MRN"};
// Construct the custom regex detector.
varcustomInfoType=newCustomInfoType
{
InfoType=infotype,
Regex=newRegex{Pattern=customRegex},
Likelihood=Likelihood .Possible
};
// Construct hotword rule.
varhotwordRule=newDetectionRule.Types.HotwordRule
{
HotwordRegex=newRegex{Pattern=hotwordRegex},
LikelihoodAdjustment=newDetectionRule.Types.LikelihoodAdjustment
{
FixedLikelihood=Likelihood .VeryLikely
},
Proximity=newDetectionRule.Types.Proximity
{
WindowBefore=10
}
};
// Construct the rule set for the inspect config.
varinspectionRuleSet=newInspectionRuleSet
{
InfoTypes={infotype},
Rules=
{
newInspectionRule
{
HotwordRule=hotwordRule
}
}
};
// Construct the inspect config.
varinspectConfig=newInspectConfig
{
CustomInfoTypes={customInfoType},
IncludeQuote=true,
RuleSet={inspectionRuleSet},
};
// Construct the request.
varrequest=newInspectContentRequest
{
ParentAsLocationName=newLocationName (projectId,"global"),
Item=contentItem,
InspectConfig=inspectConfig
};
// Call the API.
varresponse=dlp.InspectContent(request);
// Inspect the response.
Console.WriteLine($"Findings: {response.Result.Findings.Count}");
foreach(varfinresponse.Result.Findings)
{
Console.WriteLine("Quote: "+f.Quote);
Console.WriteLine("Info type: "+f.InfoType .Name);
Console.WriteLine("Likelihood: "+f.Likelihood );
}
returnresponse;
}
}

Go

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

import(
"context"
"fmt"
"io"
dlp"cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectWithHotWordRules inspects data with hot word rule, it uses custom
// regex with a hot word rule to increase the likelihood match
funcinspectWithHotWordRules(wio.Writer,projectID,textToInspectstring)error{
// projectID := "my-project-id"
// textToInspect := "Patient's MRN 444-5-22222 and just a number 333-2-33333"
ctx:=context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client,err:=dlp.NewClient (ctx)
iferr!=nil{
returnerr
}
// Closing the client safely cleans up background resources.
deferclient.Close ()
// Specify the type and content to be inspected.
contentItem:=&dlppb.ContentItem{
DataItem:&dlppb.ContentItem_ByteItem{
ByteItem:&dlppb.ByteContentItem{
Type:dlppb.ByteContentItem_TEXT_UTF8 ,
Data:[]byte(textToInspect),
},
},
}
// Construct the custom regex detectors
customInfoType:=&dlppb.CustomInfoType{
InfoType:&dlppb.InfoType{
Name:"C_MRN",
},
Type:&dlppb.CustomInfoType_Regex_{
Regex:&dlppb.CustomInfoType_Regex{
Pattern:"[1-9]{3}-[1-9]{1}-[1-9]{5}",
},
},
Likelihood:dlppb.Likelihood_POSSIBLE ,
}
// Construct hotword rule.
hotWordRule:=&dlppb.CustomInfoType_DetectionRule_HotwordRule{
HotwordRegex:&dlppb.CustomInfoType_Regex{
Pattern:"(?i)(mrn|medical)(?-i)",
},
Proximity:&dlppb.CustomInfoType_DetectionRule_Proximity{
WindowBefore:int32(10),
},
LikelihoodAdjustment:&dlppb.CustomInfoType_DetectionRule_LikelihoodAdjustment{
Adjustment:&dlppb.CustomInfoType_DetectionRule_LikelihoodAdjustment_FixedLikelihood{
FixedLikelihood:dlppb.Likelihood_VERY_LIKELY ,
},
},
}
inspectionRuleSet:=&dlppb.InspectionRuleSet{
Rules:[]*dlppb.InspectionRule{
{
Type:&dlppb.InspectionRule_HotwordRule{
HotwordRule:hotWordRule,
},
},
},
InfoTypes:[]*dlppb.InfoType{
customInfoType.InfoType,
},
}
// Construct the Inspect request to be sent by the client.
req:=&dlppb.InspectContentRequest{
Parent:fmt.Sprintf("projects/%s/locations/global",projectID),
Item:contentItem,
InspectConfig:&dlppb.InspectConfig{
CustomInfoTypes:[]*dlppb.CustomInfoType{
customInfoType,
},
RuleSet:[]*dlppb.InspectionRuleSet{
inspectionRuleSet,
},
IncludeQuote:true,
},
}
// Send the request.
resp,err:=client.InspectContent(ctx,req)
iferr!=nil{
returnerr
}
// Parse the response and process results
fmt.Fprintf(w,"Findings: %v\n",len(resp.Result.Findings))
for_,v:=rangeresp.GetResult().Findings{
fmt.Fprintf(w,"Quote: %v\n",v.GetQuote())
fmt.Fprintf(w,"InfoType Name: %v\n",v.GetInfoType().GetName())
fmt.Fprintf(w,"Likelihood: %v\n",v.GetLikelihood())
}
returnnil
}

Java

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 


importcom.google.cloud.dlp.v2.DlpServiceClient ;
importcom.google.privacy.dlp.v2.ByteContentItem ;
importcom.google.privacy.dlp.v2.ByteContentItem.BytesType ;
importcom.google.privacy.dlp.v2.ContentItem ;
importcom.google.privacy.dlp.v2.CustomInfoType ;
importcom.google.privacy.dlp.v2.CustomInfoType.DetectionRule.HotwordRule ;
importcom.google.privacy.dlp.v2.CustomInfoType.DetectionRule.LikelihoodAdjustment ;
importcom.google.privacy.dlp.v2.CustomInfoType.DetectionRule.Proximity ;
importcom.google.privacy.dlp.v2.CustomInfoType.Regex ;
importcom.google.privacy.dlp.v2.Finding ;
importcom.google.privacy.dlp.v2.InfoType ;
importcom.google.privacy.dlp.v2.InspectConfig ;
importcom.google.privacy.dlp.v2.InspectContentRequest ;
importcom.google.privacy.dlp.v2.InspectContentResponse ;
importcom.google.privacy.dlp.v2.InspectionRule ;
importcom.google.privacy.dlp.v2.InspectionRuleSet ;
importcom.google.privacy.dlp.v2.Likelihood ;
importcom.google.privacy.dlp.v2.LocationName ;
importcom.google.protobuf.ByteString ;
importjava.io.IOException;
publicclass InspectWithHotwordRules{
publicstaticvoidmain(String[]args)throwsException{
// TODO(developer): Replace these variables before running the sample.
StringprojectId="your-project-id";
StringtextToInspect="Patient's MRN 444-5-22222 and just a number 333-2-33333";
StringcustomRegexPattern="[1-9]{3}-[1-9]{1}-[1-9]{5}";
StringhotwordRegexPattern="(?i)(mrn|medical)(?-i)";
inspectWithHotwordRules(projectId,textToInspect,customRegexPattern,hotwordRegexPattern);
}
// Inspects a BigQuery Table
publicstaticvoidinspectWithHotwordRules(
StringprojectId,StringtextToInspect,StringcustomRegexPattern,StringhotwordRegexPattern)
throwsIOException{
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try(DlpServiceClient dlp=DlpServiceClient .create()){
// Specify the type and content to be inspected.
ByteContentItem byteItem=
ByteContentItem .newBuilder()
.setType(BytesType .TEXT_UTF8)
.setData (ByteString .copyFromUtf8 (textToInspect))
.build();
ContentItem item=ContentItem .newBuilder().setByteItem(byteItem).build();
// Specify the regex pattern the inspection will look for.
Regex regex=Regex .newBuilder().setPattern (customRegexPattern).build();
// Construct the custom regex detector.
InfoType infoType=InfoType .newBuilder().setName("C_MRN").build();
CustomInfoType customInfoType=
CustomInfoType .newBuilder().setInfoType(infoType).setRegex(regex).build();
// Specify hotword likelihood adjustment.
LikelihoodAdjustment likelihoodAdjustment=
LikelihoodAdjustment .newBuilder().setFixedLikelihood (Likelihood .VERY_LIKELY).build();
// Specify a window around a finding to apply a detection rule.
Proximity proximity=Proximity .newBuilder().setWindowBefore (10).build();
// Construct hotword rule.
HotwordRule hotwordRule=
HotwordRule .newBuilder()
.setHotwordRegex(Regex .newBuilder().setPattern (hotwordRegexPattern).build())
.setLikelihoodAdjustment (likelihoodAdjustment)
.setProximity(proximity)
.build();
// Construct rule set for the inspect config.
InspectionRuleSet inspectionRuleSet=
InspectionRuleSet .newBuilder()
.addInfoTypes(infoType)
.addRules (InspectionRule .newBuilder().setHotwordRule(hotwordRule))
.build();
// Construct the configuration for the Inspect request.
InspectConfig config=
InspectConfig .newBuilder()
.addCustomInfoTypes (customInfoType)
.setIncludeQuote (true)
.setMinLikelihood(Likelihood .POSSIBLE)
.addRuleSet (inspectionRuleSet)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request=
InspectContentRequest .newBuilder()
.setParent(LocationName .of(projectId,"global").toString())
.setItem(item)
.setInspectConfig(config)
.build();
// Use the client to send the API request.
InspectContentResponse response=dlp.inspectContent(request);
// Parse the response and process results
System.out.println("Findings: "+response.getResult ().getFindingsCount());
for(Finding f:response.getResult ().getFindingsList()){
System.out.println("\tQuote: "+f.getQuote());
System.out.println("\tInfo type: "+f.getInfoType().getName());
System.out.println("\tLikelihood: "+f.getLikelihood());
}
}
}
}

Node.js

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

// Imports the Google Cloud Data Loss Prevention library
constDLP=require('@google-cloud/dlp');
// Instantiates a client
constdlp=newDLP.DlpServiceClient ();
// The project ID to run the API call under
// const projectId = 'my-project';
// The string to inspect
// const string = 'Patients MRN 444-5-22222';
// The minimum likelihood required before returning a match
// const minLikelihood = DLP.protos.google.privacy.dlp.v2.Likelihood.POSSIBLE;
// The maximum number of findings to report per request (0 = server maximum)
// const maxFindings = 0;
// The infoTypes of information to match
// See https://cloud.google.com/dlp/docs/concepts-infotypes for more information
// about supported infoTypes.
// const infoTypes = [{ name: 'EMAIL_ADDRESS' }];
// The customInfoTypes of information to match
// const customInfoTypes = [{ infoType: { name: 'DICT_TYPE' }, dictionary: { wordList: { words: ['foo', 'bar', 'baz']}}},
// { infoType: { name: 'REGEX_TYPE' }, regex: {pattern: '\\(\\d{3}\\) \\d{3}-\\d{4}'}}];
// Whether to include the matching string
// const includeQuote = true;
// Custom hotword regex patten
// const hotwordRegexPattern = '(?i)(mrn|medical)(?-i)';
asyncfunctioninspectWithHotwordRule(){
// Construct item to inspect
constitem={
byteItem:{
type:DLP.protos.google.privacy.dlp.v2.ByteContentItem .BytesType
.TEXT_UTF8 ,
data:Buffer.from(string,'utf-8'),
},
};
// Construct a hot word rule
consthotwordRule={
hotwordRegex:{
pattern:hotwordRegexPattern,
},
proximity:{
windowBefore:10,
},
likelihoodAdjustment:{
fixedLikelihood:
DLP.protos.google.privacy.dlp.v2.Likelihood .VERY_LIKELY ,
},
};
// Construct a hotword inspection rule
constinpectionRuleSet=[
{
infoTypes:customInfoTypes.map(
customInfoType=>customInfoType.infoType
),
rules:[{hotwordRule:hotwordRule}],
},
];
// Assigns likelihood to each match
customInfoTypes=customInfoTypes.map(customInfoType=>{
customInfoType.likelihood=
DLP.protos.google.privacy.dlp.v2.Likelihood .POSSIBLE ;
returncustomInfoType;
});
// Construct request
constrequest={
parent:`projects/${projectId}/locations/global`,
inspectConfig:{
infoTypes:infoTypes,
customInfoTypes:customInfoTypes,
minLikelihood:minLikelihood,
includeQuote:includeQuote,
limits:{
maxFindingsPerRequest:maxFindings,
},
ruleSet:inpectionRuleSet,
},
item:item,
};
// Run request
const[response]=awaitdlp.inspectContent(request);
constfindings=response.result.findings;
if(findings.length > 0){
console.log('Findings:');
findings.forEach(finding=>{
if(includeQuote){
console.log(`\tQuote: ${finding.quote}`);
}
console.log(`\tInfo type: ${finding.infoType.name}`);
console.log(`\tLikelihood: ${finding.likelihood}`);
});
}else{
console.log('No findings.');
}
}
inspectWithHotwordRule();

PHP

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\HotwordRule;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\LikelihoodAdjustment;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\Proximity;
use Google\Cloud\Dlp\V2\CustomInfoType\Regex;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
/**
 * Inspect data with a hotword rule
 * This sample uses a custom regex with a hotword rule to increase the likelihood of match.
 *
 * @param string $projectId The Google Cloud project id to use as a parent resource.
 * @param string $textToInspect The string to inspect.
 */
function inspect_hotword_rule(
 // TODO(developer): Replace sample parameters before running the code.
 string $projectId,
 string $textToInspect = "Patient's MRN 444-5-22222 and just a number 333-2-33333"
): void {
 // Instantiate a client.
 $dlp = new DlpServiceClient();
 $parent = "projects/$projectId/locations/global";
 // Specify what content you want the service to Inspect.
 $item = (new ContentItem())
 ->setValue($textToInspect);
 // Specify the regex pattern the inspection will look for.
 $customRegexPattern = '[1-9]{3}-[1-9]{1}-[1-9]{5}';
 $hotwordRegexPattern = '(?i)(mrn|medical)(?-i)';
 // Construct the custom regex detector.
 $cMrnDetector = (new InfoType())
 ->setName('C_MRN');
 $customInfoType = (new CustomInfoType())
 ->setInfoType($cMrnDetector)
 ->setLikelihood(Likelihood::POSSIBLE)
 ->setRegex((new Regex())
 ->setPattern($customRegexPattern));
 // Specify hotword likelihood adjustment.
 $likelihoodAdjustment = (new LikelihoodAdjustment())
 ->setFixedLikelihood(Likelihood::VERY_LIKELY);
 // Specify a window around a finding to apply a detection rule.
 $proximity = (new Proximity())
 ->setWindowBefore(10);
 $hotwordRule = (new HotwordRule())
 ->setHotwordRegex((new Regex())
 ->setPattern($hotwordRegexPattern))
 ->setLikelihoodAdjustment($likelihoodAdjustment)
 ->setProximity($proximity);
 // Construct rule set for the inspect config.
 $inspectionRuleSet = (new InspectionRuleSet())
 ->setInfoTypes([$cMrnDetector])
 ->setRules([
 (new InspectionRule())
 ->setHotwordRule($hotwordRule)
 ]);
 // Construct the configuration for the Inspect request.
 $inspectConfig = (new InspectConfig())
 ->setCustomInfoTypes([$customInfoType])
 ->setIncludeQuote(true)
 ->setRuleSet([$inspectionRuleSet]);
 // Run request
 $inspectContentRequest = (new InspectContentRequest())
 ->setParent($parent)
 ->setInspectConfig($inspectConfig)
 ->setItem($item);
 $response = $dlp->inspectContent($inspectContentRequest);
 // Print the results
 $findings = $response->getResult()->getFindings();
 if (count($findings) == 0) {
 printf('No findings.' . PHP_EOL);
 } else {
 printf('Findings:' . PHP_EOL);
 foreach ($findings as $finding) {
 printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
 printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
 printf(' Likelihood: %s' . PHP_EOL, Likelihood::name($finding->getLikelihood()));
 }
 }
}

Python

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

importgoogle.cloud.dlp
definspect_data_w_custom_hotwords(
 project: str,
 content_string: str,
) -> None:
"""Uses the Data Loss Prevention API to analyze string with medical record
 number custom regex detector, with custom hotwords rules to boost finding
 certainty under some circumstances.
 Args:
 project: The Google Cloud project id to use as a parent resource.
 content_string: The string to inspect.
 Returns:
 None; the response from the API is printed to the terminal.
 """
 # Instantiate a client.
 dlp = google.cloud.dlp_v2 .DlpServiceClient ()
 # Construct a custom regex detector info type called "C_MRN",
 # with ###-#-##### pattern, where each # represents a digit from 1 to 9.
 # The detector has a detection likelihood of POSSIBLE.
 custom_info_types = [
 {
 "info_type": {"name": "C_MRN"},
 "regex": {"pattern": "[1-9]{3}-[1-9]{1}-[1-9]{5}"},
 "likelihood": google.cloud.dlp_v2 .Likelihood .POSSIBLE,
 }
 ]
 # Construct a rule set with hotwords "mrn" and "medical", with a likelohood
 # boost to VERY_LIKELY when hotwords are present within the 10 character-
 # window preceding the PII finding.
 hotword_rule = {
 "hotword_regex": {"pattern": "(?i)(mrn|medical)(?-i)"},
 "likelihood_adjustment": {
 "fixed_likelihood": google.cloud.dlp_v2 .Likelihood .VERY_LIKELY
 },
 "proximity": {"window_before": 10},
 }
 rule_set = [
 {"info_types": [{"name": "C_MRN"}], "rules": [{"hotword_rule": hotword_rule}]}
 ]
 # Construct the configuration dictionary with the custom regex info type.
 inspect_config = {
 "custom_info_types": custom_info_types,
 "rule_set": rule_set,
 "include_quote": True,
 }
 # Construct the `item`.
 item = {"value": content_string}
 # Convert the project id into a full resource id.
 parent = f"projects/{project}"
 # Call the API.
 response = dlp.inspect_content (
 request={"parent": parent, "inspect_config": inspect_config, "item": item}
 )
 # Print out the results.
 if response.result.findings:
 for finding in response.result.findings:
 print(f"Quote: {finding.quote}")
 print(f"Info type: {finding.info_type.name}")
 print(f"Likelihood: {finding.likelihood}")
 else:
 print("No findings.")

REST

See the JSON quickstart for more information about using the DLP API with JSON.

HTTP method and URL:

POST https://dlp.googleapis.com/v2/projects/PROJECT_ID/content:inspect

Replace PROJECT_ID with the project ID.

JSON input:

{
"item":{
"value":"Patient's MRN 444-5-22222 and just a number 333-2-33333"
},
"inspectConfig":{
"customInfoTypes":[
{
"infoType":{
"name":"C_MRN"
},
"regex":{
"pattern":"[0-9]{3}-[0-9]{1}-[0-9]{5}"
},
"likelihood":"POSSIBLE",
}
],
"ruleSet":[
{
"infoTypes":[{"name":"C_MRN"}],
"rules":[
{
"hotwordRule":{
"hotwordRegex":{
"pattern":"(?i)(mrn|medical)(?-i)"
},
"likelihoodAdjustment":{
"fixedLikelihood":"VERY_LIKELY"
},
"proximity":{
"windowBefore":10
}
}
}
]
}
]
}
}

JSON output (abbreviated):

{
 "result": {
 "findings": [
 {
 "infoType": {
 "name": "C_MRN"
 },
 "likelihood": "VERY_LIKELY",
 "location": {
 "byteRange": {
 "start": "14",
 "end": "25"
 },
 "codepointRange": { ... }
 }
 },
 {
 "infoType": {
 "name": "C_MRN"
 },
 "likelihood": "POSSIBLE",
 "byteRange": {
 "start": "44",
 "end": "55"
 },
 "codepointRange": { ... }
 }
 }
 ]
 }
}

The output shows that Sensitive Data Protection correctly identified the medical record number using the C_MRN custom infoType detector. Further, because of the context matching in the hotword rule, Sensitive Data Protection assigned the first result—which had an MRN within the set proximity—a likelihood of VERY_LIKELY, as configured. The second finding lacked the context, so the likelihood stayed at POSSIBLE.

Hotword example: Set the match likelihood of a table column

This example demonstrates how you can set the match likelihood of an entire column of data. This approach is helpful, for example, if you want to exclude a column of data from inspection results.

Consider the following table. One column contains placeholder Social Security numbers (SSNs), and another contains real SSNs.

Fake Social Security Number Real Social Security Number
111-11-1111 222-22-2222

To minimize noise in inspection results, you can exclude any findings in the Fake Social Security Number column. Assign a low likelihood level to this column. Then, configure the request such that matches with that likelihood level are excluded from the results.

In this example, note the following:

  • The hotword rule is applied to the US_SOCIAL_SECURITY_NUMBER infoType.
  • The hotword regular expression (Fake Social Security Number) contains the name of the column that has the placeholder values.
  • The windowBefore property is set to 1, which means that the hotword is in a column header, and the findings must be in the column.
  • For each US_SOCIAL_SECURITY_NUMBER finding in this column, Sensitive Data Protection sets the likelihood level to VERY_UNLIKELY.
  • The minLikelihood property is set to POSSIBLE, which means that any finding that has a likelihood level lower than POSSIBLE is excluded from the inspection results.

See the JSON quickstart for more information about using the DLP API with JSON.

HTTP method and URL:

POST https://dlp.googleapis.com/v2/projects/PROJECT_ID/content:inspect

Replace PROJECT_ID with the project ID.

C#

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 


usingGoogle.Api.Gax.ResourceNames ;
usingGoogle.Cloud.Dlp.V2 ;
usingSystem;
usingSystem.Collections.Generic;
usingstaticGoogle.Cloud.Dlp.V2.CustomInfoType.Types;
publicclassInspectTableWithCustomHotwords
{
publicstaticInspectResultInspectTable(
stringprojectId,
Table tableToInspect=null,
IEnumerable<InfoType>infoTypes=null)
{
// Instantiate the dlp client.
vardlp=DlpServiceClient .Create ();
// Construct the table if null.
if(tableToInspect==null)
{
varrow1=newValue []
{
newValue {StringValue="111-11-1111"},
newValue {StringValue="222-22-2222"}
};
tableToInspect=newTable
{
Headers=
{
newFieldId {Name="Fake Social Security Number"},
newFieldId {Name="Real Social Security Number"}
},
Rows=
{
newTable.Types.Row{Values={row1}}
}
};
}
// Specify the table and construct the content item.
varcontentItem=newContentItem {Table=tableToInspect};
// Specify the type of info to be inspected.
varinfotypes=infoTypes??newInfoType []{newInfoType {Name="US_SOCIAL_SECURITY_NUMBER"}};
// Construct the Inspection Rule Set by specifying the hotword rule as detection rule.
varruleSet=newInspectionRuleSet []
{
newInspectionRuleSet
{
InfoTypes={infotypes},
Rules=
{
newInspectionRule
{
HotwordRule=newDetectionRule.Types.HotwordRule
{
HotwordRegex=newRegex
{
Pattern="(Fake Social Security Number)"
},
LikelihoodAdjustment=newDetectionRule.Types.LikelihoodAdjustment
{
FixedLikelihood=Likelihood .VeryUnlikely
},
Proximity=newDetectionRule.Types.Proximity
{
WindowBefore=1
}
}
}
}
}
};
// Construct the request.
varrequest=newInspectContentRequest
{
InspectConfig=newInspectConfig
{
InfoTypes={infotypes},
IncludeQuote=true,
MinLikelihood=Likelihood .Possible ,
RuleSet={ruleSet}
},
ParentAsLocationName=newLocationName (projectId,"global"),
Item=contentItem
};
// Call the API.
InspectContentResponse response=dlp.InspectContent(request);
// Inspect the results.
varresultFindings=response.Result .Findings;
Console.WriteLine($"Findings: {resultFindings.Count}");
foreach(varfinresultFindings)
{
Console.WriteLine("\tQuote: "+f.Quote);
Console.WriteLine("\tInfo type: "+f.InfoType .Name);
Console.WriteLine("\tLikelihood: "+f.Likelihood );
}
returnresponse.Result ;
}
}

Go

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 


import(
"context"
"fmt"
"io"
dlp"cloud.google.com/go/dlp/apiv2"
"cloud.google.com/go/dlp/apiv2/dlppb"
)
// inspectTableWithCustomHotword Sets the match likelihood of a table column to customize data inspection results.
// This example showcases how you can adjust the match likelihood for an entire column of data, enabling the
// exclusion of specific columns from inspection if needed.
funcinspectTableWithCustomHotword(wio.Writer,projectID,hotwordRegexPatternstring)error{
// projectID := "your-project-id"
// hotwordRegexPattern := "(Fake Social Security Number)"
tableToInspect:=&dlppb.Table{
Headers:[]*dlppb.FieldId{
{Name:"Fake Social Security Number"},
{Name:"Real Social Security Number"},
},
Rows:[]*dlppb.Table_Row{
{
Values:[]*dlppb.Value{
{
Type:&dlppb.Value_StringValue{StringValue:"111-11-1111"},
},
{
Type:&dlppb.Value_StringValue{StringValue:"222-22-2222"},
},
},
},
},
}
ctx:=context.Background()
// Initialize a client once and reuse it to send multiple requests. Clients
// are safe to use across goroutines. When the client is no longer needed,
// call the Close method to cleanup its resources.
client,err:=dlp.NewClient (ctx)
iferr!=nil{
returnerr
}
// Closing the client safely cleans up background resources.
deferclient.Close ()
// Specify what content you want the service to de-identify.
contentItem:=&dlppb.ContentItem_Table{
Table:tableToInspect,
}
// Specify the likelihood adjustment to adjust the match likelihood for your detection rule
// based on your needs and desired level of sensitivity in data analysis.
likelihoodAdjustment:=&dlppb.CustomInfoType_DetectionRule_LikelihoodAdjustment{
Adjustment:&dlppb.CustomInfoType_DetectionRule_LikelihoodAdjustment_FixedLikelihood{
FixedLikelihood:dlppb.Likelihood_VERY_UNLIKELY ,
},
}
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types.
infoTypes:=[]*dlppb.InfoType{
{Name:"US_SOCIAL_SECURITY_NUMBER"},
}
// Specify the proximity so that It helps identify sensitive information
// occurring near other data points, enabling more context-aware analysis.
proximity:=&dlppb.CustomInfoType_DetectionRule_Proximity{
WindowBefore:5,
}
// Construct hotWord rule.
hotwordRule:=&dlppb.CustomInfoType_DetectionRule_HotwordRule{
HotwordRegex:&dlppb.CustomInfoType_Regex{
Pattern:hotwordRegexPattern,
},
Proximity:proximity,
LikelihoodAdjustment:likelihoodAdjustment,
}
// Construct rule set for the inspect config.
inspectionRuleSet:=&dlppb.InspectionRuleSet{
InfoTypes:infoTypes,
Rules:[]*dlppb.InspectionRule{
{
Type:&dlppb.InspectionRule_HotwordRule{
HotwordRule:hotwordRule,
},
},
},
}
// Construct the configuration for the Inspect request.
config:=&dlppb.InspectConfig{
IncludeQuote:true,
InfoTypes:infoTypes,
MinLikelihood:dlppb.Likelihood_POSSIBLE ,
RuleSet:[]*dlppb.InspectionRuleSet{
inspectionRuleSet,
},
}
// Construct the Inspect request to be sent by the client.
req:=&dlppb.InspectContentRequest{
Parent:fmt.Sprintf("projects/%s/locations/global",projectID),
Item:&dlppb.ContentItem{
DataItem:contentItem,
},
InspectConfig:config,
}
// Send the request.
resp,err:=client.InspectContent(ctx,req)
iferr!=nil{
returnerr
}
// Parse the response and process results.
fmt.Fprintf(w,"Findings: %v\n",len(resp.Result.Findings))
for_,v:=rangeresp.GetResult().Findings{
fmt.Fprintf(w,"Quote: %v\n",v.GetQuote())
fmt.Fprintf(w,"Infotype Name: %v\n",v.GetInfoType().GetName())
fmt.Fprintf(w,"Likelihood: %v\n",v.GetLikelihood())
}
returnnil
}

Java

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 


importcom.google.cloud.dlp.v2.DlpServiceClient ;
importcom.google.privacy.dlp.v2.ContentItem ;
importcom.google.privacy.dlp.v2.CustomInfoType ;
importcom.google.privacy.dlp.v2.FieldId ;
importcom.google.privacy.dlp.v2.Finding ;
importcom.google.privacy.dlp.v2.InfoType ;
importcom.google.privacy.dlp.v2.InspectConfig ;
importcom.google.privacy.dlp.v2.InspectContentRequest ;
importcom.google.privacy.dlp.v2.InspectContentResponse ;
importcom.google.privacy.dlp.v2.InspectionRule ;
importcom.google.privacy.dlp.v2.InspectionRuleSet ;
importcom.google.privacy.dlp.v2.Likelihood ;
importcom.google.privacy.dlp.v2.LocationName ;
importcom.google.privacy.dlp.v2.Table ;
importcom.google.privacy.dlp.v2.Value ;
importjava.io.IOException;
importjava.util.List;
importjava.util.stream.Collectors;
importjava.util.stream.Stream;
publicclass InspectTableWithCustomHotword{
publicstaticvoidmain(String[]args)throwsIOException{
// TODO(developer): Replace these variables before running the sample.
// The Google Cloud project id to use as a parent resource.
StringprojectId="your-project-id";
// Specify the table to be considered for de-identification.
Table tableToDeIdentify=
Table .newBuilder()
.addHeaders (FieldId .newBuilder().setName("Some Social Security Number").build())
.addHeaders (FieldId .newBuilder().setName("Real Social Security Number").build())
.addRows (
Table .Row.newBuilder()
.addValues (Value .newBuilder().setStringValue ("111-11-1111").build())
.addValues (Value .newBuilder().setStringValue ("222-22-2222").build())
.build())
.build();
// Specify the regex pattern to be detected.
// Refer https://github.com/google/re2/wiki/Syntax for creating regular expression.
StringhotwordRegexPattern="Some Social Security Number";
inspectDemotingFindingsWithHotwords(projectId,tableToDeIdentify,hotwordRegexPattern);
}
// Inspects the provided table, excluding the findings of entire column matching regular
// expression.
publicstaticvoidinspectDemotingFindingsWithHotwords(
StringprojectId,Table tableToDeIdentify,StringhotwordRegexPattern)throwsIOException{
// Initialize client that will be used to send requests. This client only needs to be created
// once, and can be reused for multiple requests. After completing all of your requests, call
// the "close" method on the client to safely clean up any remaining background resources.
try(DlpServiceClient dlp=DlpServiceClient .create()){
// Specify what content you want the service to de-identify.
ContentItem contentItem=ContentItem .newBuilder().setTable(tableToDeIdentify).build();
CustomInfoType .DetectionRule .LikelihoodAdjustment likelihoodAdjustment=
CustomInfoType .DetectionRule.LikelihoodAdjustment.newBuilder()
.setFixedLikelihood (Likelihood .VERY_UNLIKELY)
.build();
// Specify the type of info the inspection will look for.
// See https://cloud.google.com/dlp/docs/infotypes-reference for complete list of info types
List<InfoType>infoTypes=
Stream.of("US_SOCIAL_SECURITY_NUMBER")
.map(it->InfoType .newBuilder().setName(it).build())
.collect(Collectors.toList());
CustomInfoType .DetectionRule .Proximity proximity=
CustomInfoType .DetectionRule.Proximity.newBuilder().setWindowBefore (1).build();
// Construct hotword rule.
CustomInfoType .DetectionRule .HotwordRule hotwordRule=
CustomInfoType .DetectionRule.HotwordRule.newBuilder()
.setHotwordRegex(
CustomInfoType .Regex.newBuilder().setPattern (hotwordRegexPattern).build())
.setLikelihoodAdjustment (likelihoodAdjustment)
.setProximity(proximity)
.build();
// Construct rule set for the inspect config.
InspectionRuleSet inspectionRuleSet=
InspectionRuleSet .newBuilder()
.addAllInfoTypes(infoTypes)
.addRules (InspectionRule .newBuilder().setHotwordRule(hotwordRule))
.build();
// Construct the configuration for the Inspect request.
InspectConfig config=
InspectConfig .newBuilder()
.setIncludeQuote (true)
.setMinLikelihood(Likelihood .POSSIBLE)
.addRuleSet (inspectionRuleSet)
.addAllInfoTypes(infoTypes)
.build();
// Construct the Inspect request to be sent by the client.
InspectContentRequest request=
InspectContentRequest .newBuilder()
.setParent(LocationName .of(projectId,"global").toString())
.setItem(contentItem)
.setInspectConfig(config)
.build();
InspectContentResponse response=dlp.inspectContent(request);
// Parse the response and process results.
System.out.println("Findings: "+response.getResult ().getFindingsCount());
for(Finding f:response.getResult ().getFindingsList()){
System.out.println("\tQuote: "+f.getQuote());
System.out.println("\tInfo type: "+f.getInfoType().getName());
System.out.println("\tLikelihood: "+f.getLikelihood());
}
}
}
}

Node.js

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

// Imports the Google Cloud Data Loss Prevention library
constDLP=require('@google-cloud/dlp');
// Instantiates a client
constdlp=newDLP.DlpServiceClient ();
// The project ID to run the API call under.
// const projectId = "your-project-id";
// Table to inspect
consttableToInspect={
headers:[
{name:'Fake Social Security Number'},
{name:'Real Social Security Number'},
],
rows:[
{
values:[{stringValue:'111-11-1111'},{stringValue:'222-22-2222'}],
},
],
};
asyncfunctioninspectWithCustomHotwords(){
// Specify the regex pattern to be detected.
consthotwordRegexPattern='(Fake Social Security Number)';
// Specify what content you want the service to de-identify.
constcontentItem={
table:tableToInspect,
};
// Specify the type of info the inspection will look for.
constinfoTypes=[{name:'US_SOCIAL_SECURITY_NUMBER'}];
// Construct hotword rule.
consthotwordRule={
hotwordRegex:{
pattern:hotwordRegexPattern,
},
likelihoodAdjustment:{
fixedLikelihood:
DLP.protos.google.privacy.dlp.v2.Likelihood .VERY_UNLIKELY ,
},
proximity:{
windowBefore:1,
},
};
// Construct rule set for the inspect configuration.
constinspectionRuleSet={
infoTypes:infoTypes,
rules:[
{
hotwordRule:hotwordRule,
},
],
};
// Construct the configuration for the Inspect request.
constconfig={
infoTypes:infoTypes,
ruleSet:[inspectionRuleSet],
minLikelihood:DLP.protos.google.privacy.dlp.v2.Likelihood .POSSIBLE ,
includeQuote:true,
};
// Construct the Inspect request to be sent by the client.
constrequest={
parent:`projects/${projectId}/locations/global`,
item:contentItem,
inspectConfig:config,
};
// Use the client to send the API request.
const[response]=awaitdlp.inspectContent(request);
// Print Findings.
constfindings=response.result.findings;
if(findings.length > 0){
console.log(`Findings: ${findings.length}\n`);
findings.forEach(finding=>{
console.log(`InfoType: ${finding.infoType.name}`);
console.log(`\tQuote: ${finding.quote}`);
console.log(`\tLikelihood: ${finding.likelihood} \n`);
});
}else{
console.log('No findings.');
}
}
inspectWithCustomHotwords();

PHP

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

use Google\Cloud\Dlp\V2\Client\DlpServiceClient;
use Google\Cloud\Dlp\V2\ContentItem;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\HotwordRule;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\LikelihoodAdjustment;
use Google\Cloud\Dlp\V2\CustomInfoType\DetectionRule\Proximity;
use Google\Cloud\Dlp\V2\CustomInfoType\Regex;
use Google\Cloud\Dlp\V2\FieldId;
use Google\Cloud\Dlp\V2\InfoType;
use Google\Cloud\Dlp\V2\InspectConfig;
use Google\Cloud\Dlp\V2\InspectContentRequest;
use Google\Cloud\Dlp\V2\InspectionRule;
use Google\Cloud\Dlp\V2\InspectionRuleSet;
use Google\Cloud\Dlp\V2\Likelihood;
use Google\Cloud\Dlp\V2\Table;
use Google\Cloud\Dlp\V2\Table\Row;
use Google\Cloud\Dlp\V2\Value;
/**
 * Hotword example: Set the match likelihood of a table column.
 * This example demonstrates how you can set the match likelihood of an entire column of data.
 * This approach is helpful, for example, if you want to exclude a column of data from inspection
 * results.
 *
 * @param string $projectId The Google Cloud project id to use as a parent resource.
 */
function inspect_column_values_w_custom_hotwords(string $projectId): void
{
 // Instantiate a client.
 $dlp = new DlpServiceClient();
 $parent = "projects/$projectId/locations/global";
 // Specify the table to be inspected.
 $tableToDeIdentify = (new Table())
 ->setHeaders([
 (new FieldId())
 ->setName('Fake Social Security Number'),
 (new FieldId())
 ->setName('Real Social Security Number'),
 ])
 ->setRows([
 (new Row())->setValues([
 (new Value())
 ->setStringValue('111-11-1111'),
 (new Value())
 ->setStringValue('222-22-2222')
 ])
 ]);
 $item = (new ContentItem())
 ->setTable($tableToDeIdentify);
 // Specify the regex pattern the inspection will look for.
 $hotwordRegexPattern = 'Fake Social Security Number';
 // Specify hotword likelihood adjustment.
 $likelihoodAdjustment = (new LikelihoodAdjustment())
 ->setFixedLikelihood(Likelihood::VERY_UNLIKELY);
 // Specify a window around a finding to apply a detection rule.
 $proximity = (new Proximity())
 ->setWindowBefore(1);
 // Construct the hotword rule.
 $hotwordRule = (new HotwordRule())
 ->setHotwordRegex((new Regex())
 ->setPattern($hotwordRegexPattern))
 ->setLikelihoodAdjustment($likelihoodAdjustment)
 ->setProximity($proximity);
 // Construct rule set for the inspect config.
 $infotype = (new InfoType())
 ->setName('US_SOCIAL_SECURITY_NUMBER');
 $inspectionRuleSet = (new InspectionRuleSet())
 ->setInfoTypes([$infotype])
 ->setRules([
 (new InspectionRule())
 ->setHotwordRule($hotwordRule)
 ]);
 // Construct the configuration for the Inspect request.
 $inspectConfig = (new InspectConfig())
 ->setInfoTypes([$infotype])
 ->setIncludeQuote(true)
 ->setRuleSet([$inspectionRuleSet])
 ->setMinLikelihood(Likelihood::POSSIBLE);
 // Run request.
 $inspectContentRequest = (new InspectContentRequest())
 ->setParent($parent)
 ->setInspectConfig($inspectConfig)
 ->setItem($item);
 $response = $dlp->inspectContent($inspectContentRequest);
 // Print the results.
 $findings = $response->getResult()->getFindings();
 if (count($findings) == 0) {
 printf('No findings.' . PHP_EOL);
 } else {
 printf('Findings:' . PHP_EOL);
 foreach ($findings as $finding) {
 printf(' Quote: %s' . PHP_EOL, $finding->getQuote());
 printf(' Info type: %s' . PHP_EOL, $finding->getInfoType()->getName());
 printf(' Likelihood: %s' . PHP_EOL, Likelihood::name($finding->getLikelihood()));
 }
 }
}

Python

To learn how to install and use the client library for Sensitive Data Protection, see Sensitive Data Protection client libraries.

To authenticate to Sensitive Data Protection, set up Application Default Credentials. For more information, see Set up authentication for a local development environment. 

fromtypingimport List
importgoogle.cloud.dlp
definspect_column_values_w_custom_hotwords(
 project: str,
 table_header: List[str],
 table_rows: List[List[str]],
 info_types: List[str],
 custom_hotword: str,
) -> None:
"""Uses the Data Loss Prevention API to inspect table data using built-in
 infoType detectors, excluding columns that match a custom hot-word.
 Args:
 project: The Google Cloud project id to use as a parent resource.
 table_header: List of strings representing table field names.
 table_rows: List of rows representing table values.
 info_types: The infoType for which hot-word rule is applied.
 custom_hotword: The custom regular expression used for likelihood boosting.
 """
 # Instantiate a client
 dlp = google.cloud.dlp_v2 .DlpServiceClient ()
 # Construct the `table`. For more details on the table schema, please see
 # https://cloud.google.com/dlp/docs/reference/rest/v2/ContentItem#Table
 headers = [{"name": val} for val in table_header]
 rows = []
 for row in table_rows:
 rows.append({"values": [{"string_value": cell_val} for cell_val in row]})
 table = {"headers": headers, "rows": rows}
 # Construct the `item` for table to be inspected.
 item = {"table": table}
 # Prepare info_types by converting the list of strings into a list of
 # dictionaries.
 info_types = [{"name": info_type} for info_type in info_types]
 # Construct a rule set with caller provided hot-word, with a likelihood
 # boost to VERY_UNLIKELY when the hot-word are present
 hotword_rule = {
 "hotword_regex": {"pattern": custom_hotword},
 "likelihood_adjustment": {
 "fixed_likelihood": google.cloud.dlp_v2 .Likelihood .VERY_UNLIKELY
 },
 "proximity": {"window_before": 1},
 }
 rule_set = [
 {
 "info_types": info_types,
 "rules": [{"hotword_rule": hotword_rule}],
 }
 ]
 # Construct the configuration dictionary, which defines the entire inspect content task.
 inspect_config = {
 "info_types": info_types,
 "rule_set": rule_set,
 "min_likelihood": google.cloud.dlp_v2 .Likelihood .POSSIBLE,
 "include_quote": True,
 }
 # Convert the project id into a full resource id.
 parent = f"projects/{project}/locations/global"
 # Call the API
 response = dlp.inspect_content (
 request={
 "parent": parent,
 "inspect_config": inspect_config,
 "item": item,
 }
 )
 # Print out the results.
 if response.result.findings:
 for finding in response.result.findings:
 try:
 if finding.quote:
 print(f"Quote: {finding.quote}")
 except AttributeError:
 pass
 print(f"Info type: {finding.info_type.name}")
 print(f"Likelihood: {finding.likelihood}")
 else:
 print("No findings.")

REST

JSON input:

{
"item":{
"table":{
"headers":[
{
"name":"Fake Social Security Number"
},
{
"name":"Real Social Security Number"
}
],
"rows":[
{
"values":[
{
"stringValue":"111-11-1111"
},
{
"stringValue":"222-22-2222"
}
]
}
]
}
},
"inspectConfig":{
"infoTypes":[
{
"name":"US_SOCIAL_SECURITY_NUMBER"
}
],
"includeQuote":true,
"ruleSet":[
{
"infoTypes":[
{
"name":"US_SOCIAL_SECURITY_NUMBER"
}
],
"rules":[
{
"hotwordRule":{
"hotwordRegex":{
"pattern":"(Fake Social Security Number)"
},
"likelihoodAdjustment":{
"fixedLikelihood":"VERY_UNLIKELY"
},
"proximity":{
"windowBefore":1
}
}
}
]
}
],
"minLikelihood":"POSSIBLE"
}
}

JSON output:

{
 "result": {
 "findings": [
 {
 "quote": "222-22-2222",
 "infoType": {
 "name": "US_SOCIAL_SECURITY_NUMBER"
 },
 "likelihood": "VERY_LIKELY",
 "location": {
 "byteRange": {
 "end": "11"
 },
 "codepointRange": {
 "end": "11"
 },
 "contentLocations": [
 {
 "recordLocation": {
 "fieldId": {
 "name": "Real Social Security Number"
 },
 "tableLocation": {}
 }
 }
 ]
 },
 "createTime": "TIMESTAMP",
 "findingId": "TIMESTAMP"
 }
 ]
 }
}

The value 111-11-1111, which is in the Fake Social Security Number column, matched the hotword rule, so Sensitive Data Protection assigned to it the VERY_UNLIKELY likelihood level . This level is lower than the minimum likelihood set in the inspection configuration (POSSIBLE), so this finding is excluded from the inspection result.

You can experiment with this example by removing the rule set. Notice that Sensitive Data Protection includes 111-11-1111 in the results.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025年11月24日 UTC.