Administration
  • Administration
  • Enterprise DLP Documentation
  • All Documentation
>
About Inspection of Contextual Secrets
Focus
Download PDF
Focus
  1. Home
  2. Enterprise DLP
  3. Configure Enterprise DLP
  4. Inspection of Contextual Secrets for Chat Applications
  5. About Inspection of Contextual Secrets
Download PDF
Enterprise DLP

About Inspection of Contextual Secrets

Table of Contents

About Inspection of Contextual Secrets

Use Enterprise Data Loss Prevention (E-DLP) to inspect contextual messages to detect and prevent exfiltration of passwords communicated through chat-based applications.
On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.
You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
Use Enterprise Data Loss Prevention (E-DLP) to inspection contextual chat messages to monitor sharing of sensitive passwords over chat-based applications. Enterprise DLP uses contextual messages to understand instances where a password might have been shared. When Enterprise DLP detects that a password was shared, a DLP Incident is generated that displays a snippet of the response containing the password.

Which Chat Applications Are Supported?

The Slack V2 chat application is currently supported for inspection of contextual secrets.

Which Data Patterns and Profiles Detect Passwords?

Data Patterns:
Data Profiles

What Kind of Contextual Messages Are Supported?

Enterprise DLP supports inspection of one contextual message and one immediate response message containing a password in a private channel or public channel, and includes inspection of threaded replies. For Enterprise DLP to detect a shared password, the response message containing the password must be sent within 60 minutes of the contextual message. Review the Contextual Chat Examples for more information on the types of contextual messages that trigger inspection by Enterprise DLP.
For example, James asks Justin for a password. At 8:45 AM, Justin responds with the password James requested. At 10:11 AM, Justin again replies but this time in a threaded response to the contextual message and shares a second password. In this example, Enterprise DLP is able to detect and generate a DLP Incident when Justin shares with James the first password at 8:45 AM. However, Enterprise DLP can’t detect the second password Justin shared with James because the contextual message was already associated with the first response message and the second threaded response exceeds the 60-minute time limit.
The contextual message, and password shared in response to a contextual message, must be in text format for Enterprise DLP to detect and generate a DLP Incident. Enterprise DLP can’t detect if a password was shared in a response to a contextual message if:
  • The contextual message is a text or image attachment
  • The response to the contextual message is a text or image attachment

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.