>
    Set Up the EDM CLI Application
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Configure Enterprise DLP
    4. Exact Data Matching (EDM)
    5. Set Up the EDM CLI Application
    Download PDF
    Enterprise DLP

    Set Up the EDM CLI Application

    Table of Contents

    Set Up the EDM CLI Application

    Download the secure Exact Data Matching (EDM) CLI application on your local Windows or Linux device.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Panorama or Strata Cloud Manager)
    • Prisma Access (Managed by Panorama or Strata Cloud Manager)
    • Enterprise Data Loss Prevention (E-DLP) license
      Review the Supported Platforms for details on the required license for each enforcement point.
    Or any of the following licenses that include the Enterprise DLP license
    • Prisma Access CASB license
    • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
    • Data Security license
    The Exact Data Matching (EDM) CLI application is a secure CLI tool used to upload hash encrypted EDM data sets to the DLP cloud service. The EDM CLI application accepts a source file in CSV or TSV format. The EDM CLI application then generates an encrypted hash EDM data set with AES-256 encryption of the source file which is saved as zip file that can be uploaded to the DLP cloud service. The EDM CLI application applies a one-way hash to each field in the CSV or TSV file that is then encoded in Base64. After securing the file, the EDM CLI application generates a zip file containing the secured data set.
    The EDM CLI application is supported on Microsoft Windows and Linux operating systems such as Ubuntu, Debian, and CentOS.
    The EDM CLI application is downloaded from Strata Cloud Manager and includes the following:
    • README.TXT—Quick overview of the EDM CLI application functionality, including descriptions of data types and column values.
    • edm-secure-cli-<version>.jar—The executable Java application.
    • config.properties—Configuration file you can prepopulate to upload a file to the DLP cloud service.
    • upload_config.properties—Configuration file for the connectivity settings to connect to the DLP cloud service.
    • lib—Directory containing all the dependency libraries required by the EDM Secure CLI application.
    • log4j2.xml—Configuration files for debugging and logging.
    • sample_dataset.csv—Sample CSV file you can use a template for upload to the DLP cloud service.
    • (Windows) edm-secure-cli.bat—Windows batch file used to create and upload an EDM data set to the DLP cloud service.
      (Linux) edm-secure-cli.sh—Bash script used to create and upload an EDM data set to the DLP cloud service.
    1. Review the setup prerequisites for Enterprise DLP before you set up the EDM CLI application.
      You must allow the required FQDNs and IP addresses listed here to successfully uploaded EDM data sets and forward traffic to the DLP cloud service for inspection.
    2. Deploy the device you will use to upload EDM data sets to the DLP cloud services.
      You can upload EDM data sets to the DLP cloud service using any physical or virtual device running a Windows or Linux operating system.
      If you plan to deploy a dedicated virtual machine to upload EDM data sets to the DLP cloud service, Palo Alto Networks recommends you allocate a minimum of four CPUs and 8 GB memory to the virtual machine.
    3. Log in to Strata Cloud Manager.
    4. Enable Exact Data Matching (EDM).
      It might take up to 24 hours for Palo Alto Networks to enable EDM functionality.
      Continue to the next step after Palo Alto Networks enabled EDM. You can verify that EDM is enabled when have the ability to download the EDM CLI application to your local device.
    5. Download the EDM CLI application.
      The entire contents of the EDM CLI application are downloaded as a .zip file.
      1. Select ManageConfigurationData Loss PreventionDetection MethodsExact Data Matching and expand the EDM Setup Guide
      2. Click Download EDM Tool and Download the latest version of the EDM CLI application.
        • Select Windows 64-bit if you’re installing the EDM CLI application on a Microsoft Windows device.
        • Select Linux 64-bit if you are installing the EDM CLI application on a Linux device.
        • Select and download the latest EDM CLI version available.
          If you use an older unsupported version of the CLI, the CLI will display an error message: Please use the latest version of cli tool. Latest version: <latest-version>.
    6. (Optional) Create a new folder for EDM on your local device.
      The EDM CLI application generates secured versions of all EDM data sets uploaded to the DLP cloud service and logs for EDM CLI application activity. As a best practice, create a folder just for the EDM CLI application to contain all EDM-specific files to a single folder.
      Refer to the documentation for Microsoft Windows or your specific Linux OS for more information on creating a new folder.
    7. Extract the EDM zip file contents.
      1. On your local device, navigate to the downloaded package-edm-secure-cli-<version>-<platform>.zip file.
      2. Right-click the package-edm-secure-cli-<version>-<platform>.zip file and click Extract To.
      3. Select a folder and Extract.
        (Best Practices) Select the folder you created for your EDM CLI application files.
    8. Verify the extracted .zip file contains all the required EDM CLI application files.
    9. Install Java on your local device.
      A 64-bit Java version, such as JDK 64-Bit, is required to run the EDM CLI application.
      1. Open the terminal and view the Java version currently installed.
        admin: java -version
      2. Install version of Java.
        Skip this step if you already have a 64-bit Java version, such as JDK 64-Bit, already installed. Refer to the Microsoft Windows or your Linux OS documentation for the command to install the latest version of Java.
    10. (Linux only) Make the EDM CLI application script readable, writable, and executable.
      1. Navigate to the directory where the EDM CLI application .zip contents were extracted.
        In this example, the package-edm-secure-cli-<version>-<platform>.zip contents were extracted to the EDM directory.
      2. Make the EDM CLI application script readable, writable, and executable.
        admin: chmod 777 ./edm-secure-cli.sh
    11. Configure Connectivity to the DLP Cloud Service.

    © 2024 Palo Alto Networks, Inc. All rights reserved.