Enable Exact Data Matching (EDM)
Enable Exact Data Matching (EDM) on Strata Cloud Manager and the DLP app on the hub.
On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.
You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.
Where Can I Use This?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
  • Prisma Browser
What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
  Or any of the following licenses that include the Enterprise DLP license:
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
Exact Data Matching (EDM) is an advanced detection tool to monitor and protect sensitive data from exfiltration. Use EDM to detect, with high accuracy, sensitive and personally identifiable information (PII) such as Social Security numbers, medical record numbers, bank account numbers, and credit card numbers in a structured data source such as a database, directory server, or structured data file (CSV or TSV). You must first enable EDM for Enterprise Data Loss Prevention (E-DLP) before you can upload hash-encrypted EDM datasets to Enterprise DLP and use them as match criteria in a data profile.
  1. Log in to Strata Cloud Manager.
  2. Select Configuration > Data Loss Prevention > Detection Methods > Exact Data Matching.
  3. Enable Exact Data Matching (EDM).
  4. Enterprise DLP automatically enables EDM on your tenant.
  5. (Optional) Edit the EDM settings to define the proximity distance for EDM detections.
    The proximity distance specifies the maximum character distance allowed between two instances of sensitive data to trigger a DLP incident. In the context of EDM, the data for which Enterprise DLP evaluates the distance are the values within a single row in an EDM dataset. This setting applies to all EDM detections for your Enterprise DLP tenant.
    The proximity distance is an exclusive value. Matching occurs only when the character distance is strictly less than the configured value.
    For example, you configure the proximity distance as 500 and you upload an EDM dataset that includes the following row:
    Bill Smith, 02-03-2026, 123-45-6789
    In this case, Enterprise DLP generates incidents when it detects Bill Smith, 02-03-2026, or 123-45-6789 between 1 and 499 characters of each other in forwarded traffic.
    1. Click EDM Settings.
    2. Enter the EDM Proximity Distance (between 25 and 5,000 characters).
      Default is 100.
    3. Save.
  6. Set up the EDM CLI app and upload EDM datasets to Enterprise DLP.
    1. Review the Supported EDM dataset formats to understand the data format types Enterprise DLP supports.
    2. Set up the EDM CLI app to begin uploading EDM datasets to Enterprise DLP.
    3. Configure the EDM CLI app connectivity to enable connectivity between the EDM CLI app and Enterprise DLP.
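
The proximity rule from step 5, as an added example that is not Palo Alto Networks code: it checks the values of one dataset row against a piece of text using the exclusive comparison described there. It assumes that character distance means the number of characters between the end of one value and the start of the next, and it compares plaintext values for readability; `find_spans`, `row_matches`, `sample_text` and the sample text are hypothetical.

```python
import re
from itertools import combinations

DEFAULT_PROXIMITY = 100                    # default stated on this page
MIN_PROXIMITY, MAX_PROXIMITY = 25, 5000    # allowed range stated on this page

# The dataset row used in the page's example.
ROW = ["Bill Smith", "02-03-2026", "123-45-6789"]


def find_spans(text, value):
    """Return (start, end) offsets of every literal occurrence of value."""
    return [m.span() for m in re.finditer(re.escape(value), text)]


def row_matches(text, row, proximity=DEFAULT_PROXIMITY):
    """Return (value_a, value_b, gap) for row values found close enough together.

    Assumption: the gap is the count of characters between the end of the
    earlier value and the start of the later one. The limit is exclusive,
    so proximity=500 accepts gaps of 1 through 499 and rejects 500.
    """
    if not MIN_PROXIMITY <= proximity <= MAX_PROXIMITY:
        raise ValueError("proximity distance must be between 25 and 5,000")
    hits = []
    for a, b in combinations(row, 2):          # only values from the same row
        for a_start, a_end in find_spans(text, a):
            for b_start, b_end in find_spans(text, b):
                # Works whichever value appears first in the text.
                gap = max(a_start, b_start) - min(a_end, b_end)
                if 1 <= gap < proximity:
                    hits.append((a, b, gap))
    return hits


def sample_text(gap):
    """Constructed traffic sample: two row values separated by `gap` filler chars."""
    return "Bill Smith" + "x" * gap + "123-45-6789"


if __name__ == "__main__":
    for gap in (499, 500):
        print(gap, row_matches(sample_text(gap), ROW, proximity=500))
```
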