# Google DLP

{% hint style="info" %}
See the changelog of this Action type [here](/actions/google-dlp.md).
{% endhint %}

## Overview

The **Google DLP** Action is designed to integrate with Google's **Data Loss Prevention (DLP) API**. This Action allows detecting and classifying sensitive information, enabling workflows to comply with data protection requirements.

This Action does not generate new events. Instead, it processes incoming events to detect sensitive information based on the configured `Info Types` and returns the corresponding findings.

<figure><picture><source srcset="/files/KvKDmjFikUxYnlf4OxiJ" media="(prefers-color-scheme: dark)"><img src="/files/AgZpEi6lIHE8U65XDj9L" alt=""></picture><figcaption></figcaption></figure>

{% hint style="warning" %}
In order to configure this action, you must first link it to a Listener. Go to [Building a Pipeline ](/the-workspace/pipelines/building-a-pipeline.md)to learn how this works.
{% endhint %}

## Ports

These are the input and output ports of this Action:

<details>

<summary>Input ports</summary>

* **Default port** - All the events to be processed by this Action enter through this port.

</details>

<details>

<summary>Output ports</summary>

* **Error port** - Events are sent through this port if an error occurs while processing them.

</details>

## Configuration

{% stepper %}
{% step %}
Find **Google DLP** in the **Actions** tab (under the **Advanced** group) and drag it onto the canvas.
{% endstep %}

{% step %}
To open the configuration, click the Action in the canvas and select **Configuration**.
{% endstep %}

{% step %}
Enter the required parameters:

<table><thead><tr><th width="234">Parameter</th><th>Description</th><th data-hidden></th></tr></thead><tbody><tr><td><strong>Info Types</strong><mark style="color:red;"><strong>*</strong></mark></td><td>Type(s) of sensitive data to detect. You can choose as many types as needed.</td><td></td></tr><tr><td><strong>Data to Inspect</strong><mark style="color:red;"><strong>*</strong></mark></td><td>Choose the input field that contains the data to be inspected by the DLP API.</td><td></td></tr><tr><td><strong>JSON credentials</strong><mark style="color:red;"><strong>*</strong></mark></td><td>JSON object containing the credentials required to authenticate with the Google DLP API.</td><td></td></tr><tr><td><strong>Output Field</strong><mark style="color:red;"><strong>*</strong></mark></td><td>Name of the new field where the results of the DLP evaluation will be stored.</td><td></td></tr><tr><td><strong>Minimum Likelihood</strong></td><td><p>For each potential finding that is detected during the scan, the DLP API assigns a likelihood level. The likelihood level of a finding describes how likely it is that the finding matches an <code>Info Type</code> that you're scanning for. For example, it might assign a likelihood of <code>Likely</code> to a finding that looks like an email address.</p><p>The API will filter out any findings that have a lower likelihood than the minimum level that you set here. </p><p>The available values are:</p><ul><li><code>Very Unlikely</code></li><li><code>Unlikely</code></li><li><code>Possible</code> (This is the default value)</li><li><code>Likely</code></li><li><code>Very Likely</code></li></ul><p>For example, if you set the minimum likelihood to <code>Possible</code>, you get only the findings that were evaluated as <code>Possible</code>, <code>Likely</code>, and <code>Very likely</code>. If you set the minimum likelihood to <code>Very likely</code>, you get the smallest number of findings.</p></td><td></td></tr><tr><td><strong>Include Quote</strong></td><td>If <code>true</code>, includes a contextual quote from the data that triggered a finding. The default value is <code>true</code>.</td><td></td></tr><tr><td><strong>Exclude Info Types</strong></td><td>If <code>true</code>, excludes type information of the findings. The default value is <code>false</code>.</td><td></td></tr></tbody></table>
{% endstep %}

{% step %}
Click **Save** to complete the process.
{% endstep %}
{% endstepper %}

## Example

Imagine you want to ensure that logs sent to a third-party service do not contain sensitive information such as credit card numbers, personal identification numbers, or passwords. To do it:

{% stepper %}
{% step %}
Add the **Google DLP** Action to your Pipeline and link it to your required Data sink.
{% endstep %}

{% step %}
Now, double-click the **Google DLP** Action to configure it. You need to set the following config:

<table><thead><tr><th width="234">Parameter</th><th>Description</th><th data-hidden></th></tr></thead><tbody><tr><td><strong>Info Types</strong></td><td><p>Choose the following info types:</p><ul><li><code>Credit Card Number</code></li><li><code>Email Address</code></li><li><code>Password</code></li></ul></td><td></td></tr><tr><td><strong>Data to Inspect</strong></td><td>Choose the input field that contains the data to be inspected by the DLP API.</td><td></td></tr><tr><td><strong>JSON credentials</strong></td><td>JSON object containing the credentials required to authenticate with the Google DLP API.</td><td></td></tr><tr><td><strong>Output Field</strong></td><td>Name of the new field where the results of the DLP evaluation will be stored.</td><td></td></tr><tr><td><strong>Minimum Likelihood</strong></td><td>We set the likelihood to <code>Possible</code>, as we want the right balance between recall and precision. </td><td></td></tr><tr><td><strong>Include Quote</strong></td><td>We want contextual info of the findings, so we set this to <code>true</code>.</td><td></td></tr><tr><td><strong>Exclude Info Types</strong></td><td>Set this to <code>true</code>, as we want to include type information of the findings.</td><td></td></tr></tbody></table>
{% endstep %}

{% step %}
Click **Save** to apply the configuration.
{% endstep %}

{% step %}
Now link the *Default* output port of the Action to the input port of your Data sink.
{% endstep %}

{% step %}
Finally, click **Publish** and choose in which clusters you want to publish the Pipeline.
{% endstep %}

{% step %}
Click **Test pipeline** at the top of the area and choose a specific number of events to test if your data is transformed properly. Click **Debug** to proceed.
{% endstep %}
{% endstepper %}

This is the input data field we chose for our analysis:

```
{
  "Info": "My credit card number is 4111-1111-1111-1111"
}
```

And this is a sample output data with the corresponding results of the DLP API:

```
{
  "dlpFindings": {
    "findings": [
      {
        "infoType": "CREDIT_CARD_NUMBER",
        "likelihood": "VERY_LIKELY",
        "quote": "4111-1111-1111-1111"
      }
    ]
  }
}
```

{% hint style="info" %}
Check out our [Data Loss Prevention Use Case](/usecases/security/data-loss-prevention.md) using this action.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.onum.com/the-workspace/pipelines/actions/advanced/google-dlp.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.