Web Form Data Inspection for Enterprise Data Loss Prevention
Inspect non-file based traffic for sensitive data when using Enterprise data loss prevention (DLP).
Enterprise Data Loss Prevention (DLP) now supports inspection of non-file format traffic to prevent exfiltration of sensitive information in data exchanged in collaboration applications, web forms, Cloud applications, custom applications, and social media.
Managed firewalls using Enterprise DLP send all non-file based traffic that matches the data filtering profile criteria to the DLP cloud service to render a verdict. Use URL categories and application filters to control which traffic is excluded from that inspection. Enterprise DLP includes a predefined DLP App Exclusion Filter application filter containing common applications that can’t be inspected or don’t require inspection. You can use the predefined application filter or create a custom application filter to specify applications to exclude from inspection. You can modify existing data filtering profiles to scan both file based and non-file based traffic. Inspection of non-file based traffic is supported on Panorama, Prisma Access (Panorama Managed), and Prisma Access (Cloud Managed).
Enterprise DLP supports inspection of non-file based traffic of sensitive data for the following HTTP content types:
  • JSON
  • URL encoded form
  • Multipurpose Internet Mail Extensions (MIME)
Web form inspection for non-file based traffic is supported only for the HTTP/1.x network protocol. Web form inspection for non-file based traffic isn’t supported for the HTTP/2 network protocol.
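The three content types listed above are the ones a DLP service has to pull text out of before any data pattern can be matched, and the HTTP/1.x limitation means an HTTP/2 body never reaches that step. The following Python script is an added illustration, not Palo Alto Networks code and not a description of how Enterprise DLP is implemented: it extracts the inspectable text from a JSON, URL-encoded form and multipart MIME body, then applies one constructed data pattern (a Luhn-checked payment card number). The pattern, the `scan_request` helper and every sample body are constructed for the demo; the card numbers are the usual test values, not real accounts.

```python
"""Illustrative scanner for sensitive data in non-file HTTP request bodies.

Added example, not Palo Alto Networks code: text extraction for the three
content types named on the page, followed by a constructed data pattern.
"""
import json
import re
from email import message_from_bytes
from email.policy import default as email_policy
from typing import List, Optional
from urllib.parse import parse_qs

# Constructed data pattern: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; it is what keeps plain order IDs from tripping the pattern."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Return the normalised digit strings in `text` that match the pattern."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def _json_strings(node):
    """Yield every key and scalar value of a decoded JSON document as text."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield str(k)
            yield from _json_strings(v)
    elif isinstance(node, list):
        for v in node:
            yield from _json_strings(v)
    elif isinstance(node, (str, int, float)) and not isinstance(node, bool):
        yield str(node)


def extract_text(content_type: str, body: bytes) -> Optional[List[str]]:
    """Return the text fragments to inspect, or None when the body is not one
    of the three content types handled here (other traffic takes other paths)."""
    media_type = content_type.split(";")[0].strip().lower()
    if media_type == "application/json":
        return list(_json_strings(json.loads(body)))
    if media_type == "application/x-www-form-urlencoded":
        fields = parse_qs(body.decode("utf-8", "replace"), keep_blank_values=True)
        return [value for values in fields.values() for value in values]
    if media_type.startswith("multipart/"):
        # Reuse the stdlib MIME parser by prepending the Content-Type header.
        raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
        msg = message_from_bytes(raw, policy=email_policy)
        return [
            part.get_payload(decode=True).decode("utf-8", "replace")
            for part in msg.walk()
            if not part.is_multipart() and part.get_content_maintype() == "text"
        ]
    return None


def scan_request(content_type: str, body: bytes) -> dict:
    """Inspect one request body; the verdict is the hypothetical profile action."""
    fragments = extract_text(content_type, body)
    if fragments is None:
        return {"inspected": False, "matches": [], "verdict": "allow"}
    matches = [hit for fragment in fragments for hit in find_card_numbers(fragment)]
    return {"inspected": True, "matches": matches, "verdict": "block" if matches else "allow"}


# Constructed sample bodies (standard test card numbers, not real accounts).
JSON_BODY = b'{"name": "Test User", "card": "4111 1111 1111 1111"}'
FORM_BODY = b"comment=order+id+123456789012&card=4111-1111-1111-1111"
BOUNDARY = "demo-boundary"
MULTIPART_TYPE = f"multipart/form-data; boundary={BOUNDARY}"
MULTIPART_BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="user"\r\n\r\n'
    "Alice\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="notes"\r\n\r\n'
    "card on file 5500 0000 0000 0004\r\n"
    f"--{BOUNDARY}--\r\n"
).encode()

if __name__ == "__main__":
    for ctype, body in [
        ("application/json", JSON_BODY),
        ("application/x-www-form-urlencoded", FORM_BODY),
        (MULTIPART_TYPE, MULTIPART_BODY),
        ("application/octet-stream", b"4111111111111111"),
    ]:
        print(ctype.split(";")[0], scan_request(ctype, body))
```

The URL-encoded sample carries a 12-digit order ID next to the card field; the length floor and the Luhn check are what let the scanner report only the card, which is the same trade-off a data pattern's match criteria make between false positives and missed data. The octet-stream case shows a body that this non-file path would not inspect at all.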
The steps below describe how to configure web form inspection for Enterprise DLP on Panorama and Prisma Access (Panorama Managed).
  1. Log in to the Panorama web interface.
  2. Create a Data Pattern on Panorama.
  3. (Optional) Create a custom URL category for URL or domain traffic you don’t want to send to the DLP cloud service for inspection.
  4. (Optional) Create a custom application filter for application traffic that you don’t want to send to the DLP cloud service for inspection.
    1. Select Objects > Application Filters and Add a new application filter.
      You can also select and Clone the predefined DLP App Exclusion Filter to create a custom application filter.
    2. Check (enabled) Shared.
    3. Configure the application filter as needed.
      See Create an Application Filter for more information.
    4. Click OK.
    5. Select Commit and Commit to Panorama.
  5. Create a data filtering profile to inspect non-file based traffic.
    See Create a Data Filtering Profile on Panorama for additional details on creating a data filtering profile.
    1. Select Objects > DLP > Data Filtering Profile and Add a data filtering profile.
    2. Enter a descriptive Name for the data filtering profile.
    3. For Non File Based, select Yes.
    4. Enable (check) Shared.
    5. Add the Primary Pattern and Secondary Pattern match criteria as needed.
    6. (Optional) Select URL Category and Add a URL category to exclude from inspection.
    7. Select Application List and Add an application list to exclude from inspection.
      At least one application filter is required to successfully create a data filtering profile for non-file based traffic.
    8. Configure the Action.
    9. Configure the Log Severity.
    10. Click OK.
  6. Attach the data filtering profile to a Security policy rule.
    1. Select Policies > Security and specify the Device Group.
    2. Select the Security policy rule to which you want to add the data filtering profile.
    3. Select Actions and set the Profile Type to Profiles.
    4. Select the Data Filtering profile that you created previously.
    5. Click OK to save your policy rule.
  7. Commit and push your configuration changes to your managed firewalls that are using Enterprise DLP.
    The Commit and Push command isn’t recommended for Enterprise DLP configuration changes. Using the Commit and Push command requires the additional and unnecessary overhead of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
    1. Select Commit > Commit to Panorama and Commit.
    2. Select Commit > Push to Devices and Edit Selections.
    3. Select Device Groups and Include Device and Network Templates.
    4. Click OK.
    5. Push your configuration changes to your managed firewalls that are using Enterprise DLP.