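Redacting field data from your Elasticsearch indices and Searchable Snapshots
Project description
Did you find PII (Personally Identifiable Information) in your Elasticsearch indices that doesn't belong there? This is the tool for you!
elastic-pii-redacter can help you redact information even from indices mounted from Searchable Snapshots. It can handle deeply nested fields, too!
Client Configuration
The tool connects using the Python module es_client.
You can configure the client connection with either command-line options or a YAML configuration file. If you use a configuration file, its structure must contain elasticsearch at the root level, as shown below: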
```yaml
---
elasticsearch:
  client:
    hosts: https://10.11.12.13:9200
    cloud_id:
    request_timeout: 60
    verify_certs:
    ca_certs:
    client_cert:
    client_key:
  other_settings:
    username:
    password:
    api_key:
      id:
      api_key:
      token:
logging:
  loglevel: INFO
  logfile: /path/to/file.log
  logformat: default
  blacklist: []
```
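REDACTIONS_FILE configuration
Note: if only_expunge_deletes is True under forcemerge, any configured max_num_segments value is ignored and only documents marked as deleted are expunged. This distinction matters because the default behavior is to merge each shard down to 1 segment.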
```yaml
---
redactions:
  - job_name_20240506_redact_hot:
      pattern: hot-*
      query: {'match': {'message': 'message1'}}
      fields: ['message']
      message: REDACTED
      expected_docs: 1
      restore_settings: {'index.routing.allocation.include._tier_preference': 'data_warm,data_hot,data_content'}
  - job_name_20240506_redact_cold:
      pattern: restored-cold-*
      query: {'match': {'nested.key': 'nested19'}}
      fields: ['nested.key']
      message: REDACTED
      expected_docs: 1
      restore_settings: {'index.routing.allocation.include._tier_preference': 'data_warm,data_hot,data_content'}
      forcemerge:
        max_num_segments: 1
  - job_name_20240506_redact_frozen:
      pattern: partial-frozen-*
      query: {'range': {'number': {'gte': 8, 'lte': 11}}}
      fields: ['deep.l1.l2.l3']
      message: REDACTED
      expected_docs: 4
      forcemerge:
        only_expunge_deletes: True
```
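The following is an added illustration, not elastic-pii-redacter's own code: it shows one way a job's dotted `fields` entries can be resolved against a document's `_source` (nested objects, arrays, and literal dotted keys) and how the forcemerge precedence from the note above plays out. The function names and the sample document are assumptions made for this example.

```python
"""Added illustration of dotted-field redaction and forcemerge precedence.
Not the tool's implementation; names and sample data are constructed."""
import copy


def redact_path(node, parts, message):
    """Overwrite the value at dotted path `parts` inside `node`; return hit count."""
    if isinstance(node, list):  # Elasticsearch arrays: apply to every element
        return sum(redact_path(item, parts, message) for item in node)
    if not isinstance(node, dict):
        return 0
    hits = 0
    # A key may itself contain dots ("nested.key"), so try every prefix split.
    for i in range(1, len(parts) + 1):
        key = ".".join(parts[:i])
        if key not in node:
            continue
        if i == len(parts):
            node[key] = message
            hits += 1
        else:
            hits += redact_path(node[key], parts[i:], message)
    return hits


def redact_doc(source, job):
    """Return (redacted copy of `_source`, number of values replaced)."""
    doc = copy.deepcopy(source)
    hits = sum(redact_path(doc, f.split("."), job["message"]) for f in job["fields"])
    return doc, hits


def forcemerge_params(job):
    """Apply the precedence from the note: only_expunge_deletes wins."""
    fm = job.get("forcemerge") or {}
    if fm.get("only_expunge_deletes"):
        return {"only_expunge_deletes": True}
    return {"max_num_segments": fm.get("max_num_segments", 1)}


# Constructed sample: a job shaped like the frozen one above, plus a made-up document.
JOB = {"fields": ["deep.l1.l2.l3"], "message": "REDACTED",
       "forcemerge": {"only_expunge_deletes": True, "max_num_segments": 1}}
DOC = {"number": 9, "deep": {"l1": [{"l2": {"l3": "alice@example.com"}},
                                    {"l2": {"l3": "bob@example.com"}}]}}

if __name__ == "__main__":
    print(redact_doc(DOC, JOB))
    print(forcemerge_params(JOB))
```

A hit count of zero for a job's field list is worth treating as a failure before any write, since it usually means the dotted path does not match the mapping.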
Hashes for elasticsearch_pii_redacter-1.11.0-py3-none-any.whl
| Algorithm | Hash digest |
|---|---|
| SHA256 | 53a61f6fad7d1a6f7b53e0dc126dd011e9649af171488390c5fc1be940853973 |
| MD5 | c21ac75eeb956d2cacdabdfd7535baac |
| BLAKE2b-256 | f7b7deef31c72ce05a042868e5c242f8efe0bb5b836cd1632946aee872ceff81 |