Sensitive Data Discovery and Protection (SDDP) automatically scans the authorized data assets for sensitive data. On the Identify Task Monitoring page, you can view the details of scan tasks that are generated by SDDP for scanning authorized data assets and re-run the scan tasks as required.

Background information

SDDP allows you to manage scan tasks that target your data stored in MaxCompute, Relational Database Service (RDS), Object Storage Service (OSS), Tablestore, user-created databases hosted on Elastic Compute Service (ECS) instances, PolarDB-X, and PolarDB.

After you authorize SDDP to access specific data assets, SDDP automatically creates and runs scan tasks for these data assets to detect sensitive data. By default, the automatic scan feature is enabled for scan tasks that are created. This feature allows SDDP to run a full scan on authorized data assets and then scan the data that is newly written to or modified in these data assets at an interval of 4 hours. In addition, after you create or modify a sensitive data detection rule, SDDP automatically re-runs scan tasks for which the automatic scan feature is enabled. Fees are incurred based on the size of scanned data. For more information, see Pay-as-you-go.

View the details of scan tasks

On the Identify Task Monitoring page, you can view the details of each scan task, including the target data asset, task status, and time when the task was completed. To view task details, perform the following steps:

  1. Log on to the SDDP console.
  2. In the left-side navigation pane, choose Sensitive Data Identification > Identify Task Monitoring.
  3. On the Identify Task Monitoring page, click the tab of the service for which you want to view scan tasks.
  4. Optional:Select the region, enter the name of the target data asset, specify the beginning and end of the time range to query, and then click Search.
  5. In the returned results, view the details of each scan task, including the target data asset, task status, and time when the task was completed.Scan tasks

Rescan your data assets

You can re-run scan tasks in the following scenarios:

  • If you have not enabled the automatic scan feature for a scan task, the scan task is not run after it is created. You must re-run the scan task to start it.
  • If you enable the automatic scan feature for a scan task, SDDP automatically re-runs the scan task to scan the data that is newly written to or modified in the target data asset at an interval of 4 hours. You can also re-run the scan task to immediately scan the target data asset after you modify the data in the data asset.
Note SDDP charges you daily for the number of files that are scanned. Fees are incurred for rescans. For more information, see Pay-as-you-go.

To rescan a data asset, perform the following steps:

  1. Log on to the SDDP console.
  2. In the left-side navigation pane, choose Sensitive Data Identification > Identify Task Monitoring.
  3. On the Identify Task Monitoring page, click the tab of the service for which you want to rescan data.
  4. Find the target data asset and click Rescan in the Operation column.Rescan
  5. In the Confirm Rescan message, click OK.
    Generally, the rescan can be completed within 10 minutes. Wait until the data asset is scanned.
    After the rescan is started, the scan task enters the Scanning or Waiting state. The percentage that appears in the Scan Status column indicates the progress of the scan task.Scanning