Qscan
QScan is Qpoint's PII detection service for HTTP traffic captured by Qtap. It uses machine learning models to automatically identify sensitive data -- such as names, email addresses, credit card numbers, and social security numbers -- flowing through your APIs.
How It Works
QScan operates as an asynchronous scanning pipeline:
Qtap captures HTTP request and response payloads and stores them as artifacts in S3-compatible object storage
Pulse schedules scan jobs for new artifacts
QScan polls Pulse for pending jobs, pulls artifacts from S3, scans them using ML models, and reports results back to Pulse
Pulse surfaces PII findings in your dashboards
QScan must have network access to both your S3 storage endpoint and the Pulse API. It does not need to run alongside Qtap -- it can be deployed anywhere with the required connectivity.
Detection Models
QScan combines multiple detection engines for comprehensive coverage:
Piiranha -- transformer-based NER model optimized for PII detection
Presidio -- Microsoft's rule-based and ML-powered PII analyzer
Flair NER -- sequence labeling model for named entity recognition
Results from all models are merged and deduplicated to minimize false negatives.
Key Features
Multi-model detection: Three complementary engines for high recall across PII types
GPU acceleration: Optional NVIDIA GPU support for faster inference
Horizontal scaling: Deploy multiple instances with configurable poller and scanner counts
Prometheus metrics: Built-in metrics endpoint for monitoring scan throughput and health
S3-compatible storage: Works with AWS S3, Google Cloud Storage, MinIO, and any S3-compatible endpoint
Automatic credential handling: When using Qpoint's managed storage, the registration token is used for S3 authentication automatically
Last updated