About Inspection of Contextual Secrets
Use Enterprise Data Loss Prevention (E-DLP) to inspect contextual messages to detect and prevent exfiltration of passwords communicated through chat-based applications.
Where Can I Use This?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license:
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
Use Enterprise Data Loss Prevention (E-DLP) to inspect contextual chat messages and monitor sharing of sensitive passwords over chat-based applications. Enterprise DLP uses contextual messages to understand instances where a password might have been shared. When Enterprise DLP detects that a password was shared, a DLP Incident is generated that displays a snippet of the response containing the password.

Which Chat Applications Are Supported?

The Slack V2 chat application is currently supported for inspection of contextual secrets.

Which Data Patterns and Profiles Detect Passwords?

Data Patterns:
Data Profiles

What Kind of Contextual Messages Are Supported?

Enterprise DLP supports inspection of one contextual message and one immediate response message containing a password in a private channel or public channel, and includes inspection of threaded replies. For Enterprise DLP to detect a shared password, the response message containing the password must be sent within 60 minutes of the contextual message. Review the Contextual Chat Examples for more information on the types of contextual messages that trigger inspection by Enterprise DLP.
For example, James asks Justin for a password. At 8:45 AM, Justin responds with the password James requested. At 10:11 AM, Justin again replies but this time in a threaded response to the contextual message and shares a second password. In this example, Enterprise DLP is able to detect and generate a DLP Incident when Justin shares with James the first password at 8:45 AM. However, Enterprise DLP can’t detect the second password Justin shared with James because the contextual message was already associated with the first response message and the second threaded response exceeds the 60-minute time limit.
The contextual message, and password shared in response to a contextual message, must be in text format for Enterprise DLP to detect and generate a DLP Incident. Enterprise DLP can’t detect if a password was shared in a response to a contextual message if:
  • The contextual message is a text or image attachment
  • The response to the contextual message is a text or image attachment