Test a Data Profile

Table of Contents

Enable Existing Data Patterns and Filtering Profiles

Test the efficacy of your Enterprise Data Loss Prevention (E-DLP) data profiles to verify it they accurately detect the expected sensitive data.

On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.

You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.

Where Can I Use This?	What Do I Need?
NGFW (Managed by Panorama or Strata Cloud Manager) Prisma Access (Managed by Panorama or Strata Cloud Manager)	Enterprise Data Loss Prevention (E-DLP) license Review the Supported Platforms for details on the required license for each enforcement point. Or any of the following licenses that include the Enterprise DLP license Prisma Access CASB license Next-Generation CASB for Prisma Access and NGFW (CASB-X) license Data Security license

Test the efficacy of your Enterprise Data Loss Prevention (E-DLP) data profiles before adding them to your Security policy rule and pushing to your production NGFW and Prisma Access tenants. This allows you to validate your data profiles against a file containing known sensitive data to ensure accurate detection by Enterprise DLP. You can run a test on a data profile you're currently configuring or on an existing data profile. The data profile test results show a high-level summary of the type of data profile you're testing, the number of instances of High, Medium, and Low confidence detections, and snippets of the sensitive data detected.

Log in to Strata Cloud Manager.
Create a data profile to add your predefined or custom data patterns, or edit an existing data profile.

If you have an existing data profile you want to test, expand the Actions menu and click Test.
Click Test Run before you save the data profile to test the traffic match criteria and validate the data profile detects the expected sensitive data.
In the Detection Results, drag and drop the file you want to test or Browse File to select and upload the file.

You can upload one file at a time. The maximum file size is 1 MB. Review the list of supported file types for a list of file types you can upload to Enterprise DLP to test your data profile.

Enterprise DLP displays Invalid file upload if you upload an unsupported file type and File size too large if you upload a supported file type larger than 1 MB.

Enterprise DLP begins testing the successfully uploaded file against the data profile.
Review the test results.
Enterprise DLP can return one of the following data profile test results. Click View Data Pattern Results and expand the Matched Data Patterns to view additional information about which data patterns were matched, the number of high, medium, and low confidence occurrences detected, and snippets of the sensitive data detected.
- Matched Test Results
  Enterprise DLP returns a Matched verdict and successfully detected sensitive data matching the sensitive data match criteria configured in the data profile. There are two types of matched test results:
  Successful Test Result—Enterprise DLP successfully detected all sensitive match criteria configured in the data profile.
  
  Partial Test Result—Enterprise DLP successfully detected some but not all sensitive match criteria configured in the data profile. A partial test result can mean:
  Match criteria in at least one, but not all, data patterns added to the data profile isn't configured correctly to detect the sensitive data in the uploaded test file.
  Test file uploaded to Enterprise DLP does not contain sensitive data that matches at least one, but not all, data pattern match criteria in your data profile.
  Primary and Secondary Rules in the data profile are not configured correctly. For example, Enterprise DLP does not generate a DLP incident if you configured the Occurrences for one of the data patterns in the Primary Rule to Less than or equal to 10 but there are more than 10 instances of sensitive data for each associated data pattern.
  
  In the example below you can see that Enterprise DLP did not detect any sensitive data in the test file that matched the Credit Card Number data pattern, but did detect sensitive data that matches the Credit Card CVV and National Id - US Social Security Number - SSN data patterns. In this case, you should modify the number of occurrences required
  Re-Upload File to test a different file against the data profile or exit the Test Data Profile page to review and modify your data pattern and data profile configurations before retesting.
- Not Matched Test Results
  If Enterprise DLP returns a Not Matched verdict results it means one of the following:
  Match criteria configured in all data patterns added to the data profile are not configured correctly to detect the sensitive data in the uploaded test file.
  Primary and Secondary Rules in the data profile are not configured correctly.
  Test file uploaded to Enterprise DLP does not contain sensitive data that matches any data pattern match criteria in your data profile.
  Re-Upload File to test a different file against the data profile or exit the Test Data Profile page to review and modify your data pattern and data profile configurations before retesting.
Exit the data profile test screen after you verified the data profile detects the intended sensitive data.