End User Coaching

Create an end user notification template to generate a notification in the Access Experience User Interface for a user when they generate an Enterprise Data Loss Prevention (E-DLP) incident.

Where Can I Use This?
  • Prisma Access (Managed by Strata Cloud Manager)

What Do I Need?
  • GlobalProtect app version 6.3 or later
  • Enterprise Data Loss Prevention (E-DLP) license
  • Prisma Access Mobile Users License
  • Prisma Access license
  • Prisma Access 5.1 or later

Or any of the following licenses that include the Enterprise DLP license:
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license

End User Coaching allows you to display notifications to your users in the Access Experience User Interface (UI) when they generate an Enterprise Data Loss Prevention (E-DLP) incident.

To determine what is considered sensitive data, you add one or more Inline DLP Rules. DLP Rules contain the traffic match criteria that define what is considered sensitive data. The DLP Rule is derived from the Enterprise DLP data profile of the same name. Additionally, you can configure custom messages for when a File Based or Non-File Based Enterprise DLP incident is generated. After an Enterprise DLP incident is generated, the user who generated the incident can view the Data Security notification for more information about the sensitive data uploaded, downloaded, or posted.

  1. Contact your Palo Alto Networks representative to enable End User Coaching on your tenant.
  2. Install the GlobalProtect app version 6.3 or later on Windows or macOS.
  3. Log in to Strata Cloud Manager.
  4. Enable Autonomous DEM.
    In App Settings > User Behavior > Digital Experience Management (DEM), you must configure these required settings to display notifications to your users in the Access Experience UI when they generate a DLP incident.
    • Enable Autonomous DEM and GlobalProtect Log Collection for Troubleshooting
    • DEM for Prisma Access (Windows and Mac Only): Select Install and User Cannot Enable or Disable DEM
    • DEM for Prisma Access version 6.3 and above (Windows and Mac Only): Select Install the Agent
  5. Configure Enterprise DLP.
    1. This is required for Enterprise DLP to decrypt and inspect traffic for sensitive data.
    2. This is required for Enterprise DLP to decrypt and inspect traffic for sensitive data.
    3. Create custom data patterns to define your match criteria.
      Alternatively, you can use the predefined data patterns instead of creating custom data patterns.
    4. Create a data profile and add your data patterns.
      Only custom data profiles are supported. By default, the Action for all predefined DLP Rules is set to Alert. You must clone the predefined data profile to edit the DLP Rule Action.
      • When modifying the DLP Rule, you must set the Action to Block. This is required to generate alerts in the Access Experience UI. No alerts are displayed if the Action is set to Alert.
      • Add the DLP Rule to a Profile Group and attach the Profile Group to a Security policy rule. This is required for Enterprise DLP to generate a DLP incident, which then generates a notification in the Access Experience UI.
  6. Select Manage > Configuration > NGFW and Prisma Access > Global Settings > User Coaching Notification Template and create an End User Notification Template.
    The end user notification template defines which DLP Rules generate a notification in the Access Experience UI and the contents of the notification. You should only add DLP Rules that are added to a Profile Group that is associated with a Security policy rule. This is required for Enterprise DLP to generate a DLP incident, which then generates a notification in the Access Experience UI. A single DLP Rule can be added to multiple User Coaching Notification Templates.
  7. The user who generated the Enterprise DLP incident can view the Data Security notification for more information about the sensitive data uploaded, downloaded, or posted.
    A Data Security notification is displayed for 7 days. There is no limit to the number of notifications displayed.