After you activate Sensitive Data Discovery and Protection (SDDP) and configure sensitive data identification rules, SDDP automatically scans your data assets for sensitive data. On the Overview page of the SDDP console, you can view the current status of SDDP and statistics on authorized data assets, sensitive data identification, static desensitization, and anomalous events.
Currently, SDDP can scan data in MaxCompute, Relational Database Service (RDS), and Object Storage Service (OSS) for sensitive data. More services will be supported soon.
- Tables from MaxCompute and RDS.
- Objects from OSS.
In the SDDP console, you cannot query OSS objects in which no sensitive data has been identified.
The following figure shows the Overview page of the SDDP console.
View the current status
In the Current Status section, you can view the current status of SDDP, including the remaining subscription period, the number of authorized data assets, and the number of data assets that SDDP has protected.
You can renew your subscription or upgrade SDDP when the subscription is about to expire or the resource plan is about to be used up.
View the statistics on authorized data assets
In the Data Source Authorization Status section, you can view the statistics on authorized data assets, including the proportion of authorized data assets among all your data assets. For each service, this section displays the total number of data assets, the number of authorized data assets, the number of unauthorized data assets, the number of times that data assets have been scanned, and the number of scanned data assets.
Click Authorize Now for a service. The Authorization Configuration page appears, where you can authorize SDDP to access more data assets and view, edit, or delete authorized data assets.
View the statistics on sensitive data identification
In the Data Identification Result section, you can view the numbers of sensitive tables, fields, and objects identified in authorized data assets.
SDDP identifies sensitive tables, fields, and objects based on the sensitive data identification rules that you have configured.
- Sensitive Tables: the total number of sensitive tables identified in MaxCompute projects and RDS databases.
- Sensitive Fields: the total number of sensitive fields identified in MaxCompute projects and RDS databases.
- Sensitive Files: the total number of sensitive objects identified in OSS buckets.
SDDP provides several built-in rules for sensitive data identification, and also allows you to configure custom identification rules. SDDP automatically identifies sensitive tables, fields, and objects and marks them with different risk levels based on sensitive data identification rules:
- S1: low.
- S2: medium.
- S3: high.
- S4: highest.
View the statistics on static desensitization
In the Static Desensitization Result section, you can view the numbers of desensitized tables and fields in MaxCompute projects and in RDS databases. You can also view the proportion of sensitive fields for which static desensitization is configured.
SDDP allows you to create static desensitization tasks to desensitize and protect the sensitive data in your data assets. For more information, see Manage desensitization tasks.
View the statistics on anomalous events
This section displays the following statistics:
- Unprocessed Anomalous Events: the number of anomalous events that have not been processed.
SDDP can detect anomalous events that occur when sensitive data is read and used, including anomalous permission usage, anomalous data flows, and anomalous data operations. SDDP detects anomalous events and generates anomaly alerts based on the anomaly alert configuration.
- Processed Anomalous Events: the number of anomalous events that have been processed.
SDDP allows you to process an anomalous event by confirming it as a violation or excluding it as a false positive. For more information, see Process anomalous events.
Query data assets
- Risk Levels: Specify one or more risk levels of sensitive data to query data assets. If you do not select any risk level, the system queries data assets with sensitive data at all risk levels.
- Asset Scope: Specify one or more types of the data assets to query.
- With Sensitive Data: Specify a default or custom sensitive data type to query data assets.
- Asset Name: Enter the name of a project, instance, database, package, table, or object to query the specific data asset.