Upload an Encrypted EDM Data Set to Enterprise DLP Using a Configuration File

Table of Contents

Configure EDM CLI App Connectivity to Enterprise DLP

Create an Encrypted EDM Data Set Using a Configuration File

Upload an Encrypted EDM Data Set to Enterprise DLP Using a Configuration File

Use the Exact Data Matching (EDM) CLI application to upload an encrypted hash EDM dataset in CSV or TSV format using a configuration file.

On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.

You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.

Where Can I Use This?	What Do I Need?
NGFW (Managed by Panorama or Strata Cloud Manager) Prisma Access (Managed by Panorama or Strata Cloud Manager) Prisma Browser	Enterprise Data Loss Prevention (E-DLP) license Review the Supported Platforms for details on the required license for each enforcement point. Or any of the following licenses that include the Enterprise DLP license Prisma Access CASB license Next-Generation CASB for Prisma Access and NGFW (CASB-X) license Data Security license

Where Can I Use This?

What Do I Need?

NGFW (Managed by Panorama or Strata Cloud Manager)
Prisma Access (Managed by Panorama or Strata Cloud Manager)
Prisma Browser

Enterprise Data Loss Prevention (E-DLP) license
Review the Supported Platforms for details on the required license for each enforcement point.

Or any of the following licenses that include the Enterprise DLP license

Prisma Access CASB license
Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
Data Security license

You can use the Exact Data Matching (EDM) CLI app using a configuration file to create and upload an encrypted EDM dataset as two individual jobs or create and upload an encrypted EDM dataset in a single job.

To ensure General Data Protection Regulation (GDPR) compliance, the EDM CLI app hashes and encrypts EDM datasets before upload to the Enterprise DLP EDM dataset storage bucket. The EDM CLI app first hashes the dataset using the SHA256 hash function when you initiate an EDM dataset upload. The EDM CLI app then encrypts the EDM dataset using AES Symmetric encryption before beginning the EDM dataset upload to the Enterprise DLP EDM dataset storage bucket. The raw data in your EDM datasets never leave your organization's network, and Enterprise DLP does not store or have access to the raw EDM dataset data. Enterprise DLP stores only hashed and encrypted EDM dataset data in the EDM dataset storage bucket. Review the Enterprise DLP Privacy Datasheet for more information about how Enterprise DLP captures, processes, and stores personal information.

Configure EDM CLI App Connectivity to Enterprise DLP

Create an Encrypted EDM Data Set Using a Configuration File

Enterprise DLP Docs

Upload an Encrypted EDM Data Set to Enterprise DLP Using a Configuration File

Enterprise DLP Docs

Upload an Encrypted EDM Data Set to Enterprise DLP Using a Configuration File

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner