data patterns and data filtering profiles are designed to work across all supported
platforms to provide consistent data security across all locations.
All PA-Series firewalls and VM-Series firewalls (but not CN-Series firewalls).
, you must
configure your Security policy rule and Security Profile Group on
Panorama
and push these configurations to your managed firewalls.
Enterprise DLP
doesn’t support pushing an
Enterprise DLP
data filtering
profile to your managed firewall and referencing the data filtering profile in a
Security policy rule or Security Profile Group created locally on the
firewall.
Requires minimum Application and Threats content release version 8334 or a later
version.
Upgrade to PAN-OS 10.0.3 and install Application and Threats content release
version 8413 or later version for additional application support.
The following table displays the supported web applications and operational
parameters that you can use with
Enterprise Data Loss Prevention (E-DLP)
. See the Supported File Types
for more information on which file types
Enterprise DLP
can inspect and render a
verdict on across all applications. Refer to the Palo
Alto Networks Applipedia for more information on each application App-ID.
Some application support might have a
Minimum Version Requirement
.
The minimum version requirement to support inspection of an application might require a
minimum PAN-OS version or an Apps & Threats content release version installed.
Some
Enterprise DLP
functionality is dependent on a PAN-OS release.
Any application that supports the Non-File Inspection
Inspection
Type
requires PAN-OS 10.2.3 or later PAN-OS release.
Any application that supports a
Max File Size
larger than 20 MB requires
PAN-OS 10.2.4 or later PAN-OS 10.2 release, or PAN-OS 11.0.2 or later release.
Any application that supports the Download
Direction
requires PAN-OS
10.2.4 or later PAN-OS 10.2 release, or PAN-OS 11.0.2 or later release.
Review the Compatibility Matrix for
the minimum plugin versions required for your target upgrade
version.
To use Gmail, you must disable the Quick UDP Internet Connection (QUIC) protocol.
Palo Alto Networks recommends that you disable QUIC in Chrome. To do so, specify
chrome://flags/
in the Chrome
Experimental QUIC
Protocol
, and select
Disabled
.
Application
App-ID
Inspection Type
(File and Non-File)
Direction
Max File Size
Minimum Version Requirement
Amazon Cloud Drive Web
amazon-cloud-drive
File Inspection
Upload
20 MB
None
Amazon S3 REST API
web-browsing
File Inspection
Upload
20 MB
None
Apple iCloud Web
icloud
File Inspection
Upload
20 MB
None
Asana Web
asana
File Inspection
Upload
20 MB
None
Basecamp Web
basecamp
File Inspection
Upload
20 MB
None
Bitrix24 Web
bitrix24
File Inspection
Upload
20 MB
None
Blackboard Web
blackboard
File Inspection
Upload
20 MB
None
Blogs (e.g Wordpress, Medium)
blog-posting
File Inspection
Non-File Inspection
Upload
20 MB
None
Box Desktop - Business
boxnet
File Inspection
Upload
Download
100 MB
Version 8413
Box Web
boxnet
File Inspection
Upload
Download
100 MB
Version 8413
Canvas Web
canvas
File Inspection
Upload
20 MB
None
Confluence Web
confluence-base
web-browsing
Non-File Inspection
Upload
N/A
10.2.3
DocSend Web
docsend
File Inspection
Upload
20 MB
None
Dropbox Web
dropbox
File Inspection
Upload
100 MB
11.1.0
Egnyte Web
egnyte
File Inspection
Upload
20 MB
None
Evernote Web
evernote
Non-File Inspection
Upload
N/A
10.2.3
(
Images only
) Facebook Web
facebook-uploading
File Inspection
Upload
10 MB
10.2.3
Facebook Messenger Web
facebook-chat
File Inspection
Upload
Download
25MB
None
FilesAnywhere Web
filesanywhere
File Inspection
Upload
20 MB
None
Freshdesk Web
freshdesk
File Inspection
Upload
20 MB
None
GitHub Web
github
File Inspection
Upload
20 MB
Version 8413
Gitlab - Web-based File Attachment and Standard Traffic
gitlab
File Inspection
Non-File Inspection
Upload
100 MB
Version 8413
Glassdoor Web
web-browsing
Non-File Inspection
Upload
N/A
10.2.3
Gmail Web - Mail Attachments
gmail
File Inspection
Upload
100 MB
Version 8413
Google Chat Web
google-chat
Non-File Inspection
Upload
N/A
10.2.3
Google Cloud Platform
google-cloud-storage-base
File Inspection
Upload
Download
100 MB
None
Google Drive Web
google-base
google-docs
File Inspection
Upload
100 MB
10.2.4
Google Docs Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
Google Forms Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
Google Meet Web
google-meet
Non-File Inspection
Upload
N/A
10.2.3
Version 8726-8134
Google Photos Web
google-photos
File Inspection
Upload
10 MB
10.2.3
Version 8745-8229
Google Sheets Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
Google Slides Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
GSuite (Export via link)
google-base
File Inspection
Download
25 MB
10.2.4
Version 8684-7912
Hubspot Web
hubspot
File Inspection
Upload
20 MB
None
LinkedIn Web
linkedin
File Inspection
Non-File Inspection
Download
25 MB
(
Non-File
) 10.2.3
(
Download
) 10.2.4
Version 8739-17204
Jira Web
jira
File Inspection
Non-File Inspection
Download
100 MB
(
Download and Large File
) 10.2.4
Mendeley Web
mendeley
File Inspection
Upload
20 MB
None
Microsoft Azure Storage
windows-azure
File Inspection
Download
100 MB
10.2.4 or 11.0.2
Version 8742-8215
Microsoft Excel Desktop
web-browsing
File Inspection
Non-File Inspection
Download
26 MB
10.2.4
Microsoft Excel Web
web-browsing
File Inspection
Non-File Inspection
Download
26 MB
10.2.4
Microsoft OneDrive Web - Business
office365-enterprise-access
sharepoint-online
File Inspection
Upload
100 MB
10.2.4
(
Large file
) 11.1.0
Microsoft OneDrive Desktop - Business
office365-enterprise-access
sharepoint-online
File Inspection
Download
100 MB
10.2.4
Version 8684-7912
Microsoft OneDrive Desktop - Personal
ms-onedrive
File Inspection
Upload
100 MB
10.2.4
Version 8684-7912
Microsoft OneNote Web
ms-onenote
File Inspection
Non-File Inspection
Upload
Download
20 MB
Version 8413
Microsoft Outlook Web - Mail Attachments
ms-office365
File Inspection
Upload
100 MB
Version 8673-7845
(
Large file
) 11.1.0
Microsoft Power BI Web
web-browsing
File Inspection
Upload
20 MB
None
Microsoft PowerPoint Desktop
ms-powerpoint-online
File Inspection
Non-File Inspection
Download
100 MB
10.2.4
Microsoft PowerPoint Web
ms-powerpoint-online
File Inspection
Non-File Inspection
Download
100 MB
10.2.4
Microsoft SharePoint Desktop
office365-enterprise-access
sharepoint-online
File Inspection
Non-File Inspection
Upload
Download
100 MB
None
Microsoft SharePoint Web
office365-enterprise-access
sharepoint-online
File Inspection
Non-File Inspection
Upload
Download
100 MB
None
Microsoft Teams Web
ms-office365
ms-teams
File Inspection
Non-File Inspection
Download
100 MB
Version 8742-8215
Microsoft Teams Desktop
ms-office365
ms-teams
Non-File Inspection
N/A
N/A
10.2.3
Miro Web
realtimeboard
File Inspection
Upload
30 MB
10.2.3
Version 8756-8298
Monday.com Web
monday
File Inspection
Upload
20 MB
None
Naver Mail Web
naver-mail
File Inspection
Upload
Download
100 MB
None
Naverworks
web-browsing
File Inspection
Upload
20 MB
Version 8711-8058
Prezi Web
prezi
File Inspection
Upload
20 MB
None
Pastebin Web
pastebin
Non-File Inspection
Upload
20 MB
10.2.3
Quip
quip
File Inspection
Upload
Download
100 MB
Version 8735-8187
Salesforce Web
salesforce
File Inspection
Upload
Download
100 MB
Version 8413
ServiceNow Web
service-now
File Inspection
Non-File Inspection
Upload
Download
100 MB
Version 8413
Slack Web
slack
File Inspection
Non-File Inspection
Upload
20 MB
None
Smartsheet Web
smartsheet-web
Non-File Inspection
Upload
N/A
10.2.3 or 11.0.0
Splunk Web
web-browsing
splunk
File Inspection
Upload
20 MB
None
Syncplicity Web
syncplicity
File Inspection
Upload
20 MB
None
Trello Web
trello
File Inspection
Upload
20 MB
None
Twitter Web
twitter
File Inspection
Non-File Inspection
Upload
20 MB
None
Udemy Web
udemy-base
udemy-business
Non-File Inspection
Upload
N/A
10.2.3 or 11.0.0
Web Browsing
web-browsing
File Inspection
Upload
100 MB
None
Webex Desktop
webex
Non-File Inspection
Upload
N/A
Version 8735-8187
Workday Web
workday
File Inspection
Upload
Download
30 MB
Version 8702-8012
Workplace by Facebook Web App
workplace
File Inspection
Upload
20 MB
None
Yahoo Web App Mail Attachments
yahoo-mail-uploading
File Inspection
Non-File Inspection
Upload
25 MB
Version 8413
Yammer Web
yammer
File Inspection
Upload
20 MB
None
Zendesk Web
zendesk
File Inspection
Non-File Inspection
Upload
Download
50 MB
10.2.3 or 11.0.0
(
Upload
) 10.2.5
Version 8757-8277
GenAI Applications
Artificial Intelligence (AI) Applications supported by
Enterprise Data Loss Prevention (E-DLP)
.
The following table displays the supported AI web applications and
operational parameters that you can use with
All AI app support require PAN-OS 10.2.3 or later release.
All AI apps support only non-file inspection unless otherwise specified.
Application
App-ID
Notes
ChatGPT Web and API
openai-chatgpt
Minimum Content Version
—8699
Google Bard
google-bard
None
Hugging Face API
web-browsing
None
Microsoft Azure OpenAI Studio
azure-openai-studio
None
File Types
File types supported by
Enterprise Data Loss Prevention (E-DLP)
.
Enterprise Data Loss Prevention (E-DLP)
supports the following file operations, upload parameters, file
types, and actions.
File operations
—You can upload files using HTTP and HTTPS (no FTP or SMTP)
using:
(
DLP 3.0.1 and earlier releases
) HTTP/1.1
Some applications, such as SharePoint and OneDrive, use HTTP/2 by
default. To use HTTP/2 files with HTTP/1.1, you need to create a
decryption profile and a Security policy rule to strip out the
application-layer protocol negotiation (ALPN) extension in headers.
See Enable Enterprise DLP for more information.
(
DLP 3.0.2 and later releases
) HTTP/1.1 and HTTP/2
Data flow
—File uploads and downloads are supported. Review the supported applications to
learn the data flow direction supported for each application.
Enterprise DLP
doesn’t support maintaining a session connection to
continue inspection if a file download is paused. The DLP cloud service
inspection is terminated for the file if the download operation is
paused.
Concurrent file uploads
—25 concurrent file uploads are supported.
File size
—The maximum supported file size is dependent on the application.
Review the supported applications for
more information.
File types
—
Enterprise DLP
supports inspection of the following file
types.
Microsoft Office (.doc, .docx, .ppt, .pptx, .xls, .xlsx)
supports inspection of the
following source code file types.
Cfamily—C, C++, C+, C#, Objective
C
Go
HTML
java
javascript
JSON
perl
powershell
python
r
ruby
vbs
verilog
vhd1
x86_assembly
ZIP Files
—
Enterprise DLP
supports inspection of ZIP and 7Z (7-ZIP
file archiver) files containing the supported file types listed above.
Enterprise DLP
supports multilevel compressed files.
Prisma Access
,
NGFW (Managed by Panorama)
, and
NGFW (Managed by Strata Cloud Manager)
—Up to four levels of file
compression is supported. The total file size for all uncompressed
files may not exceed the maximum supported file size for each
application.
Data Security
—No maximum number of file compression
levels. The total file size for all uncompressed files may not
exceed the maximum supported file size for each application.
Response
—Block and Alert actions are supported for HTTP and HTTPS files.
However, the Block page doesn’t display the name of the file that the managed
firewall blocked.
Encoding Schemas
Encoding schemas supported by
Enterprise Data Loss Prevention (E-DLP)
.
Enterprise DLP
supports the following encoding schemas for supported file types.
Detection of encoding schemas for any DLP service relies on heuristically guessing
the character encoding of a series of bytes that represent text. As a result,
encoding schema detection is recognized as being inherently unreliable. This means
that
Enterprise DLP
may not be able to always detect encoded files. Palo Alto
Networks is continuously working on and improving
Enterprise DLP
's ability to
detect encoded file types to prevent exfiltration of sensitive data.
Big5
EUC-JP
EUC-KR
GB18030
IBM855
ISO-2022-CN
UISO-2022-JP
ISO-2022-KR
ISO-8599-1
ISO-8599-2
ISO-8599-3
ISO-8599-4
ISO-8599-5
ISO-8599-6
ISO-8599-7
ISO-8599-8
ISO-8599-9
ISO-8599-11
ISO-8599-12
ISO-8599-13
ISO-8599-15
KOI8-R
Shift_JIS
UTF-8
UTF-16BE
UTF-16LE
windows-1251
windows-1252
windows-1253
windows-1255
Detection Methods
Supported
Enterprise Data Loss Prevention (E-DLP)
detection methods to detect sensitive
data.
Review the list of
Enterprise Data Loss Prevention (E-DLP)
detection methods. Detection methods are
traffic match criteria techniques used by
Enterprise DLP
to inspect for and prevent
exfilitration of sensitive data. Detection methods can be added alongside any
combination of predefined, custom regex, or file property data patterns in an advanced data profile.
Upload custom documents containing intellectual property for which
you want to prevent exfiltration. Custom document types function as
traffic match criteria in advanced data profiles.
Data dictionaries are a collection of one or more keywords or phrases that you
want to detect and prevent exfilitration. A data dictionary is added
as a match criteria alongside the other supported match criteria in
advanced and nested data profiles to
increase the
Upload data sets to detect sensitive and personally identifiable
information (PII) in structured data sources. EDM data sets function
as traffic match criteria in advanced data profiles.
Custom data profile that can include all functionality of classic data patterns, and advanced detection methods such as
Exact Data Matching (EDM) or custom document types.
Provides quantifiable metrics to measure the overall data risk for your
organization and gives administrators the ability to analyze and take preventative
action to strengthen your data risk security posture using the Data Risk
Dashboard.
Connect an AWS storage bucket, Azure storage bucket, or SFTP server to
Enterprise DLP
to automatically store files scanned by the DLP cloud service that
match your data profiles. After a file is successfully stored, you can download the
file for further investigation.
Custom data profile that contains multiple nested data profiles that allows you to
consolidate the match criteria to prevent exfiltration of sensitive data to a single
data profile that can be used in a single Security policy rule.
data profiles to inspect non-file based traffic to
prevent exfiltration of sensitive data through collaboration applications, web forms,
Cloud applications, and social media.
can inspect and block an outbound email if sensitive
data is written in double byte plaintext characters directly in the email subject or
body. However
Enterprise DLP
can't inspect and block an outbound email if sensitive
data is written in double byte plaintext characters in a document meant to be detected
with a custom document type.
Non-File Based Traffic
Enterprise Data Loss Prevention (E-DLP)
supports inspection of non-file based traffic.
Enterprise Data Loss Prevention (E-DLP)
supports inspection of non-file based traffic for sensitive
data. A data filtering profile configured for non-file based traffic detection allows
you to configure URL and application exclusion lists to exclude specific URL and
application traffic from
Enterprise DLP
inspection.
On the
Panorama™ management server
, each data profile you create can be
configured to inspect for either file based traffic or for non-file based traffic, or
for both. On