Enterprise DLP
Configure Connectivity to the DLP Cloud Service
Table of Contents
Configure Connectivity to the DLP Cloud Service
Configure connectivity between the Exact Data Matcing (EDM) CLI application and the DLP
cloud service on your local device.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
To configure connectivity to the DLP cloud
service, you must create an access token and then configure the upload_config.properties file
included with the EDM CLI application. The access token you create
is how the DLP cloud service authenticates you and understands which
DLP user is uploading an EDM data set to the DLP cloud service.
If you use a proxy server to connect to the internet, you must enter
the proxy server details in the upload_config.properties file
as well to successfully upload an EDM data set.
- Access the Common Services Identity and & Access settings and add a Service Account to generate the Client ID and Client Secret.If you already have a Service Account created, you can Reset Client Secret to recover a lost Client Secret.
- The Client ID and Client Secret are used to authenticate and connect the EDM CLI application to the DLP cloud service.When you create the Service Account, the Client ID and Client Secret are displayed in the Client Credentials. You can manually copy the Client Credentials or Download CSV File to download the Client Credentials in plaintext locally to your device.
![]()
- The service account must be assigned a role to upload EDM data sets to the DLP cloud service. EDM data set uploads fail if the service account doesn't have a role assigned with write access privileges to Enterprise DLP.You can assign any predefined role on Strata Cloud Manager or a predefined or custom role specific to the Enterprise DLP app on Strata Cloud Manager.If you're creating a service account only for EDM data set uploads, Palo Alto Networks recommends assigning the DLP Policy Administrator role for the Enterprise DLP app. The service account uploading EDM data sets to the DLP cloud service requires write privileges to successfully upload.
![]()
Set Up the EDM CLI Application.Download EDM CLI application 3.0 or later version to upload an EDM data set to a TSG-supported tenant.On the local device where you downloaded the EDM CLI application, navigate to and open the upload configuration file.The upload configuration file is bundled with the package-edm-secure-cli-<version>-<platform>.zip file contents you extracted when you set up the EDM CLI application.The name of the upload configuration file for Linux and Windows versions of the EDM CLI display as:- Linux—upload_config.properties
- Windows—upload_config
![]()
Configure the upload configuration file to enable connectivity to the DLP cloud service.- In the have_access_token_refresh_token, enter no.Add the client_id andclient_secret.Specify whether the local device uploading the EDM data set to the DLP cloud service requires a proxy server to the connect to the internet.If a proxy server isn’t required, enter no (default).If a proxy server is required, enter yes.(Proxy server only) Enter the proxy_host_name and proxy_port_number.Skip this step if a proxy server isn’t required for the local device to connect to the internet.(Proxy server only) Enter the proxy_user_name and proxy_password.Skip this step if a proxy server isn’t required for the local device to connect to the internet.Enter the dataset_name for the EDM data set you want to upload. The data set name entered here is used in Strata Cloud Manager for the uploaded EDM data set.Save the changes to the upload configuration file.
![]()
