>
    DLP App
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Configure Enterprise DLP
    4. Data Profiles
    5. Create a Classic Data Profile
    6. DLP App
    Download PDF
    Enterprise DLP

    DLP App

    Table of Contents

    DLP App

    Configure an Enterprise Data Loss Prevention (E-DLP) data profile on the DLP app on the hub.
    1. Log in to the DLP app on the hub.
      If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
    2. Select Data ProfilesAdd Data ProfileClassic Data Profile.
      You can also create a new data profile by copying an existing data profile. This allows you to quickly modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.
      Data profiles created by copying an existing data profile are appended with Copy - <name_of_original_data_profile>. This name can be edited as needed.
      Adding an EDM data set to a copied data profile is supported only if the original data profile had an EDM data set to begin with. Adding an EDM data set to a data profile that doesn’t already have an EDM data set isn’t supported.
    3. Configure the Primary Rule for the data profile.
      Data pattern match criteria for traffic that you want to allow must be added to the Primary Rule. Data pattern match criteria for traffic that you want to block can be added to either Primary Rule or Secondary Rule.
      1. Enter a descriptive Data Profile Name.
      2. Add Pattern Group and Add Data Pattern.
      3. Define the match criteria.
        • Data Pattern—Select a custom or predefined data pattern.
        • Occurrence Condition—Specify the occurrences condition required to trigger a Security policy rule action.
          • Any—Security policy rule action triggered if Enterprise DLP detects at least one instance of matched traffic.
          • Less than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with the maximum being the specified Count.
          • More than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with a minimum being the specified Count.
          • Between (inclusive)—Security policy rule action triggered if Enterprise DLP detects any number of instances of matched traffic between the specific Count range.
        • Count—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is 1 - 500.
          For example, to match a pattern that appears three or more times in a file, select More than or equal to as the Occurrence Condition and specify 3 as the Threshold.
        • Confidence—Specify the confidence level required for a Security policy rule action to be taken (High or Low).
      4. (Optional) Add Data Pattern to add additional data pattern match criteria to the Primary rule.
      5. (Optional) Add Data Pattern Group to add additional data pattern conditions using AND or OR operators to the Primary Rule.
        Refer to the descriptions above to configure any additional data pattern conditions as needed.
      6. (Optional) Configure a Secondary Rule.
        Data pattern match criteria added to the Secondary Rule block all traffic that meets the match criteria for the data patterns by default and can’t be modified. If you want to allow traffic that matches a data pattern match criteria, add it to the Primary Rule.
      7. Review the Data Profile Preview to verify the data profile match criteria.
      8. Save the data profile.
    4. Verify that the data profile you created.
      • DLP App on the hub—Log in to the DLP app on the hub as a Superuser and select Data Profiles to view the data profile you created.
      • Strata Cloud ManagerLog in to Strata Cloud Manager and select ManageConfigurationSecurity ServicesData Loss Prevention and search for the data profile you created.
      • Panorama and Prisma Access (Managed by Panorama)
        See Update a Data Profile for more information on which data profile settings are editable on Panorama for a data profile created on Strata Cloud Manager.
      1. Log in to the Panorama web interface.
      2. Select ObjectsDLPData Filtering Profiles and navigate to the data profile you created.
      3. (Optional) Edit the data profile Action to block traffic.
        The Action for a data profile created on Strata Cloud Manager is configured to Alert by default.
        If the data profile has both Primary and Secondary Patterns, changing the data profile Action on Panorama deletes all Secondary Pattern match criteria.
        1. Select the data profile created on Strata Cloud Manager.
        2. Set the data profile Action to Block traffic that matches the data profile match criteria.
        3. Select CommitCommit to Panorama and Commit.
        4. Click OK.
        5. Select CommitPush to Devices and Edit Selections.
        6. Select Device Groups and Include Device and Network Templates.
        7. Push your configuration changes to your managed firewalls that are using Enterprise DLP.
    5. Attach the data profile to a Security policy rule.
      1. Log in to the Panorama web interface.
      2. Select PoliciesSecurity and specify the Device Group.
      3. Select the Security policy rule to which you want to add the data profile.
      4. Select Actions and set the Profile Type to Profiles.
      5. Select the Data Filtering profile you created.
      6. Click OK.
      7. Select Commit and Commit and Push.

    © 2024 Palo Alto Networks, Inc. All rights reserved.