Enterprise DLP
Test a Data Profile
Table of Contents
Expand All
|
Collapse All
Enterprise DLP Docs
Test a Data Profile
Test the efficacy of your Enterprise Data Loss Prevention (E-DLP) data profiles to verify it they
accurately detect the expected sensitive data.
Where Can I Use This? | What Do I Need? |
---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
Test the efficacy of your Enterprise Data Loss Prevention (E-DLP) data profiles before adding them
to your Security policy rule and pushing to your production NGFW and
Prisma Access tenants. This allows you to validate your data profiles
against a file containing known sensitive data to ensure accurate detection by Enterprise DLP. You can run a test on a data profile you're currently
configuring or on an existing data profile. The data profile test results show a
high-level summary of the type of data profile you're testing, the number of
instances of High, Medium, and Low confidence detections, and snippets of the sensitive data
detected.
- Log in to Strata Cloud Manager.Create a data profile to add your predefined or custom data patterns, or edit an existing data profile.If you have an existing data profile you want to test, expand the Actions menu and click Test.Click Test Run before you save the data profile to test the traffic match criteria and validate the data profile detects the expected sensitive data.In the Detection Results, drag and drop the file you want to test or Browse File to select and upload the file.You can upload one file at a time. The maximum file size is 1 MB. Review the list of supported file types for a list of file types you can upload to Enterprise DLP to test your data profile.Enterprise DLP displays Invalid file upload if you upload an unsupported file type and File size too large if you upload a supported file type larger than 1 MB.Enterprise DLP begins testing the successfully uploaded file against the data profile.Review the test results.Enterprise DLP can return one of the following data profile test results. Click View Data Pattern Results and expand the Matched Data Patterns to view additional information about which data patterns were matched, the number of high, medium, and low confidence occurrences detected, and snippets of the sensitive data detected.
- Matched Test ResultsEnterprise DLP returns a Matched verdict and successfully detected sensitive data matching the sensitive data match criteria configured in the data profile. There are two types of matched test results:
- Successful Test Result—Enterprise DLP successfully detected all sensitive match criteria configured in the data profile.
- Partial Test Result—Enterprise DLP successfully detected some but not all sensitive match criteria configured in the data profile. A partial test result can mean:
- Match criteria in at least one, but not all, data patterns added to the data profile isn't configured correctly to detect the sensitive data in the uploaded test file.
- Test file uploaded to Enterprise DLP does not contain sensitive data that matches at least one, but not all, data pattern match criteria in your data profile.
- Primary and Secondary Rules in the data profile are not configured correctly. For example, Enterprise DLP does not generate a DLP incident if you configured the Occurrences for one of the data patterns in the Primary Rule to Less than or equal to 10 but there are more than 10 instances of sensitive data for each associated data pattern.
In the example below you can see that Enterprise DLP did not detect any sensitive data in the test file that matched the Credit Card Number data pattern, but did detect sensitive data that matches the Credit Card CVV and National Id - US Social Security Number - SSN data patterns. In this case, you should modify the number of occurrences requiredRe-Upload File to test a different file against the data profile or exit the Test Data Profile page to review and modify your data pattern and data profile configurations before retesting.
- Not Matched Test ResultsIf Enterprise DLP returns a Not Matched verdict results it means one of the following:
- Match criteria configured in all data patterns added to the data profile are not configured correctly to detect the sensitive data in the uploaded test file.
- Primary and Secondary Rules in the data profile are not configured correctly.
- Test file uploaded to Enterprise DLP does not contain sensitive data that matches any data pattern match criteria in your data profile.
Re-Upload File to test a different file against the data profile or exit the Test Data Profile page to review and modify your data pattern and data profile configurations before retesting.
Exit the data profile test screen after you verified the data profile detects the intended sensitive data.