README
¶
Presidio - Data Loss Prevention API
Context aware, born to the cloud, customizable data loss prevention service
Description
Presidio (Origin from Latin praesidium ‘protection, garrison’) helps to ensure sensitive text is properly managed and governed. It provides fast analytics and anonymization for sensitive text such as credit card numbers, bitcoin wallets, names, locations, social security numbers, US phone numbers and financial data. Presidio analyzes the text using predefined analyzers to identify patterns, formats, and checksums with relevant context.
You can find a more detailed list here
⚠ Presidio can help identify sensitive/PII data in un/structured text. However, because Presidio is using trained ML models, there is no guarantee that Presidio will find all sensitive information. Consequently, additional systems and protections should be employed.
Features
-
Text analytics - Predefined analyzers with customizable fields.
-
Probability scores - Customize the sensitive text detection threshold.
-
Anonymization - Anonymize sensitive text and images
-
Workflow and pipeline integration - Monitor your data with periodic scans or events of
- Storage solutions
- Azure Blob Storage
- S3
- Google Cloud Storage
- Databases
- MySQL
- PostgreSQL
- Sql Server
- Oracle
and export the results for further analytics:
- Databases
- Streaming platform
- Kafka
- Azure Events Hubs
- Storage solutions
The Technology Stack
Presidio leverages
The design document introduces Presidio concepts and architecture.
Quickstart
- Install Presidio
- Create a Presidio project
- Start using the Presidio analyze and anonymize services
Note: Examples are made with HTTPie
Sample 1
- Analyze text
echo -n '{"text":"John Smith lives in New York. We met yesterday morning in Seattle. I called him before on (212) 555-1234 to verify the appointment. He also told me that his drivers license is AC333991", "analyzeTemplate":{"fields":[]} }' | http <api-service-address>/api/v1/projects/<my-project>/analyze
Sample 2
You can also create reusable templates
- Create an analyzer project
echo -n '{"fields":[]}' | http <api-service-address>/api/v1/templates/<my-project>/analyze/<my-template-name>
- Analyze text
echo -n '{"text":"my credit card number is 2970-84746760-9907 345954225667833 4961-2765-5327-5913", "AnalyzeTemplateId":"<my-template-name>" }' | http <api-service-address>/api/v1/projects/<my-project>/analyze
Sample 3
- Create an analyzer project
echo -n '{"fields":[{"name":"PHONE_NUMBER"}, {"name":"LOCATION"}, {"name":"DATE_TIME"}]}' | http <api-service-address>/api/v1/templates/<my-project>/analyze/<my-template-name>
- Analyze text
echo -n '{"text":"We met yesterday morning in Seattle and his phone number is (212) 555 1234", "AnalyzeTemplateId":"<my-template-name>" }' | http <api-service-address>/api/v1/projects/<my-project>/analyze
Sample 4
- Create an anonymizer template (This template replaces values in PHONE_NUMBER and redacts CREDIT_CARD)
echo -n '{"fieldTypeTransformations":[{"fields":[{"name":"PHONE_NUMBER"}],"transformation":{"replaceValue":{"newValue":"\u003cphone-number\u003e"}}},{"fields":[{"name":"CREDIT_CARD"}],"transformation":{"redactValue":{}}}]}' | http <api-service-address>/api/v1/templates/<my-project>/anonymize/<my-anonymize-template-name>
- Anonymize text
echo -n '{"text":"my phone number is 057-555-2323 and my credit card is 4961-2765-5327-5913", "AnalyzeTemplateId":"<my-analyze-template-name>", "AnonymizeTemplateId":"<my-anonymize-template-name>" }' | http <api-service-address>/api/v1/projects/<my-project>/anonymize
Current Features Status
| Module | Feature | Status |
|---|---|---|
| API | HTTP input | ✅ |
| Scanner | MySQL | ❌ |
| Scanner | MSSQL | ❌ |
| Scanner | PostgreSQL | ❌ |
| Scanner | Oracle | ❌ |
| Scanner | Azure Blob Storage | ✅ |
| Scanner | S3 | ✅ |
| Scanner | Google Cloud Storage | ❌ |
| Streams | Kafka | 🔶 |
| Streams | Azure Event Hub | 🔶 |
| Datasink (output) | MySQL | ✅ |
| Datasink (output) | MSSQL | ✅ |
| Datasink (output) | Oracle | ❌ |
| Datasink (output) | PostgreSQL | ✅ |
| Datasink (output) | Kafka | ✅ |
| Datasink (output) | Azure Event Hub | ✅ |
| Datasink (output) | Azure Blob Storage | ✅ |
| Datasink (output) | S3 | ✅ |
| Datasink (output) | Google Cloud Storage | ❌ |
- ✅ - Working
- 🔶 - Partially working
- ❌ - Not working yet but we are on it 😉
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Directories
¶
| Path | Synopsis |
|---|---|
|
pkg
|
|
|
presidio-anonymizer
|
|
|
presidio-api
|
|
|
presidio-collector
|
|
|
presidio-datasink
|
|
|
presidio-scheduler
|
|