Enterprise DLP
Set Up the EDM CLI App
Download the secure Exact Data Matching (EDM) CLI app on your local Windows or Linux
device.
Where Can I Use This? | What Do I Need? |
---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
The Exact Data Matching (EDM) CLI app is a secure CLI tool used to upload hashed and encrypted EDM data
sets to Enterprise Data Loss Prevention (E-DLP). The EDM CLI app accepts a source file in CSV or
TSV format. It applies a one-way hash to each field in the CSV or TSV file, which is then
encoded in Base64, and generates an encrypted hash EDM data set with AES-256 encryption
of the source file. After securing the file, the EDM CLI app saves the secured data set
as a zip file that you can upload to Enterprise DLP.
The EDM CLI app is supported on Microsoft Windows and Linux operating systems such as Ubuntu,
Debian, and CentOS.
The EDM CLI app is downloaded from Strata Cloud Manager and includes the following:
- README.TXT—Quick overview of the EDM CLI app functionality, including descriptions of data types and column values.
- edm-secure-cli-<version>.jar—The executable Java app.
- config.properties—Configuration file you can prepopulate to upload a file to Enterprise DLP.
- upload_config.properties—Configuration file for the connectivity settings to connect to Enterprise DLP.
- lib—Directory containing all the dependency libraries required by the EDM Secure CLI app.
- log4j2.xml—Configuration files for debugging and logging.
- sample_dataset.csv—Sample CSV file you can use as a template for upload to Enterprise DLP.
- (Windows) edm-secure-cli.bat—Windows batch file used to create and upload an EDM data set to Enterprise DLP.
- (Linux) edm-secure-cli.sh—Bash script used to create and upload an EDM data set to Enterprise DLP.
- Review the setup prerequisites for Enterprise DLP before you set up the EDM CLI app.
  Allow the required FQDNs and IP addresses listed here to successfully upload EDM data sets and forward traffic to Enterprise DLP for inspection.
- Deploy the device you will use to upload EDM data sets to Enterprise DLP.
  You can upload EDM data sets to Enterprise DLP using any physical or virtual device running a Windows or Linux operating system.
  If you plan to deploy a dedicated virtual machine to upload EDM data sets to Enterprise DLP, Palo Alto Networks recommends you allocate a minimum of four CPUs and 8 GB memory to the virtual machine.
- Log in to Strata Cloud Manager.
- Enable Exact Data Matching (EDM).
  It might take up to 24 hours for Palo Alto Networks to enable EDM functionality.
  Continue to the next step after Palo Alto Networks has enabled EDM. You can verify that EDM is enabled when you have the ability to download the EDM CLI app to your local device.
- Download the EDM CLI app.
  The entire contents of the EDM CLI app are downloaded as a .zip file.
  - Select Manage > Configuration > Data Loss Prevention > Detection Methods > Exact Data Matching and expand the EDM Setup Guide.
  - Click Download EDM Tool and Download the latest version of the EDM CLI app.
    - Select Windows 64-bit if you're installing the EDM CLI app on a Microsoft Windows device.
    - Select Linux 64-bit if you're installing the EDM CLI app on a Linux device.
  - Select and download the latest EDM CLI version available.
    Download version 3.5 or later to upload EDM data sets in an air-gapped environment.
    If you use an older unsupported version of the CLI, the CLI will display an error message: Please use the latest version of cli tool. Latest version: <latest-version>.
- (Optional) Create a new folder for EDM on your local device.
  The EDM CLI app generates secured versions of all EDM data sets uploaded to Enterprise DLP and logs for EDM CLI app activity. As a best practice, create a folder just for the EDM CLI app so that all EDM-specific files are kept in a single folder.
  Refer to the documentation for Microsoft Windows or your specific Linux OS for more information on creating a new folder.
- Extract the EDM zip file contents.
  - On your local device, navigate to the downloaded package-edm-secure-cli-<version>-<platform>.zip file.
  - Right-click the package-edm-secure-cli-<version>-<platform>.zip file and click Extract To.
  - Select a folder and Extract.
    (Best Practices) Select the folder you created for your EDM CLI app files.
  - Verify the extracted .zip file contains all the required EDM CLI app files.
- Install Java on your local device.
  The EDM CLI app requires a 64-bit Java version, such as JDK 64-Bit, to run.
  - Open the terminal and view the Java version currently installed.
    admin: java -version
  - Install the latest version of Java.
    Skip this step if you already have a 64-bit Java version, such as JDK 64-Bit, installed. Refer to the Microsoft Windows or your Linux OS documentation for the command to install the latest version of Java.
- (Linux only) Make the EDM CLI app script readable, writable, and executable.
  - Navigate to the directory where you extracted the EDM CLI app .zip contents.
    In this example, we extracted the package-edm-secure-cli-<version>-<platform>.zip contents to the EDM directory.
  - Make the EDM CLI app script readable, writable, and executable.
    admin: chmod 777 ./edm-secure-cli.sh
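The verification, Java, and permission steps above can be checked on Linux with a short script. This is an added example, not part of the EDM CLI app or the vendor documentation: the file names come from the package contents listed on this page, while the function names and the script name check-edm.sh are hypothetical. It also reports when the script is writable by group or other users, which is what mode 777 grants.

```shell
#!/usr/bin/env bash
# Added example: post-extraction checks for the EDM CLI app folder (Linux).
# File names come from the package contents listed on this page.
# Function names are hypothetical and not part of the EDM CLI app.

# Print each expected item missing from DIR; return how many are missing.
check_edm_package() {
    dir=$1; missing=0
    for f in README.TXT config.properties upload_config.properties \
             log4j2.xml sample_dataset.csv edm-secure-cli.sh; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing file: $f"; missing=$((missing + 1))
        fi
    done
    if [ ! -d "$dir/lib" ]; then
        echo "missing directory: lib"; missing=$((missing + 1))
    fi
    # The jar name carries a version, so match it with a glob.
    found_jar=0
    for jar in "$dir"/edm-secure-cli-*.jar; do
        if [ -f "$jar" ]; then found_jar=1; fi
    done
    if [ "$found_jar" -eq 0 ]; then
        echo "missing file: edm-secure-cli-<version>.jar"; missing=$((missing + 1))
    fi
    return "$missing"
}

# Return 0 when the text of `java -version` (passed as $1) names a 64-bit VM.
# Assumes a HotSpot-style banner such as "OpenJDK 64-Bit Server VM".
java_is_64bit() {
    case $1 in *64-Bit*) return 0 ;; *) return 1 ;; esac
}

# Return 0 when FILE is writable by group or other, as it is after chmod 777.
writable_by_others() {
    perms=$(ls -ld "$1" | cut -c1-10)
    case $perms in ?????w????|????????w?) return 0 ;; *) return 1 ;; esac
}

# Stand-alone use: ./check-edm.sh /path/to/EDM
if [ "$#" -ge 1 ]; then
    if check_edm_package "$1"; then echo "package complete"; fi
    if ! java_is_64bit "$(java -version 2>&1)"; then echo "no 64-bit Java found"; fi
    if writable_by_others "$1/edm-secure-cli.sh"; then
        echo "edm-secure-cli.sh is writable by group or other"
    fi
fi
```

Run it with the EDM folder as the only argument; `java -version` writes to standard error, which is why the script redirects it before inspecting the text.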