About Inspection of Contextual Secrets

Use Enterprise Data Loss Prevention (E-DLP) to inspect contextual messages to detect and prevent exfiltration of passwords communicated through chat-based applications.
Where Can I Use This?
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
  • SaaS Security license
Or any of the following licenses that include the Enterprise DLP license:
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
Use Enterprise Data Loss Prevention (E-DLP) to inspect contextual chat messages to monitor sharing of sensitive passwords over chat-based applications. Enterprise DLP uses contextual messages to understand instances where a password might have been shared. When Enterprise DLP detects that a password was shared, a DLP Incident is generated that displays a snippet of the response containing the password.

Which Chat Applications Are Supported?

The Slack V2 chat application is currently supported for inspection of contextual secrets.

Which Data Patterns and Profiles Detect Passwords?

Data Patterns:
Data Profiles

What Kind of Contextual Messages Are Supported?

Enterprise DLP supports inspection of one contextual message and one immediate response message containing a password in a private channel or public channel, and includes inspection of threaded replies. For Enterprise DLP to detect a shared password, the response message containing the password must be sent within 60 minutes of the contextual message. Review the Contextual Chat Examples for more information on the types of contextual messages that trigger inspection by Enterprise DLP.
For example, James asks Justin for a password. At 8:45 AM, Justin responds with the password James requested. At 10:11 AM, Justin again replies but this time in a threaded response to the contextual message and shares a second password. In this example, Enterprise DLP is able to detect and generate a DLP Incident when Justin shares with James the first password at 8:45 AM. However, Enterprise DLP can’t detect the second password Justin shared with James because the contextual message was already associated with the first response message and the second threaded response exceeds the 60-minute time limit.
The contextual message, and password shared in response to a contextual message, must be in text format for Enterprise DLP to detect and generate a DLP Incident. Enterprise DLP can’t detect if a password was shared in a response to a contextual message if:
  • The contextual message is a text or image attachment
  • The response to the contextual message is a text or image attachment
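
The pairing rules above can be modeled to check which replies in a message timeline fall inside inspection scope. This is an added example, not Palo Alto Networks code: the Msg fields, the 08:40 ask time, the date and the second exchange are assumptions, and deciding whether a message is contextual or contains a password is left to Enterprise DLP.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

WINDOW = timedelta(minutes=60)  # response time limit stated on this page

@dataclass
class Msg:  # hypothetical record, not a Slack or Enterprise DLP schema
    ts: datetime
    sender: str
    is_text: bool = True            # False = text or image attachment
    reply_to: Optional[int] = None  # index of the contextual message answered

def coverage(msgs):
    """Map each response index to the reasons it is out of scope ([] = inspected)."""
    paired = set()  # contextual messages that already have their one response
    result = {}
    for i, m in sorted(enumerate(msgs), key=lambda p: p[1].ts):
        if m.reply_to is None:
            continue  # a contextual message, not a response
        ctx = msgs[m.reply_to]
        reasons = []
        if not ctx.is_text:
            reasons.append("contextual message is an attachment")
        if not m.is_text:
            reasons.append("response is an attachment")
        if m.reply_to in paired:
            reasons.append("contextual message already paired")
        if m.ts - ctx.ts > WINDOW:
            reasons.append("outside 60-minute window")
        if not reasons:
            paired.add(m.reply_to)  # assumption: only an inspected reply consumes the pairing
        result[i] = reasons
    return result

def at(hhmm):  # constructed date; only the clock times matter
    return datetime.strptime("2024-01-15 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed timeline: 08:45 and 10:11 are from the page's example; the rest is assumed.
TIMELINE = [
    Msg(at("08:40"), "James"),                              # 0: asks for a password
    Msg(at("08:45"), "Justin", reply_to=0),                 # 1: first password
    Msg(at("10:11"), "Justin", reply_to=0),                 # 2: threaded reply, second password
    Msg(at("11:00"), "James"),                              # 3: asks again
    Msg(at("11:05"), "Justin", is_text=False, reply_to=3),  # 4: password in a screenshot
]

if __name__ == "__main__":
    print(coverage(TIMELINE))
```

Replies that come back with a non-empty reason list are the ones that need a compensating control, such as a separate data profile applied to file uploads.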
