Enterprise DLP
Setup Prerequisites for Enterprise DLP
Table of Contents
Expand All
|
Collapse All
Enterprise DLP Docs
-
- About Enterprise DLP
- What’s Supported with Enterprise DLP?
- Data Patterns, Document Types, and Data Profiles
- Enable Role Based Access
- Edit the Cloud Content Settings
- Edit the Enterprise DLP Data Filtering Settings
- Edit the Enterprise DLP Snippet Settings
- Configure Syslog Forwarding for Enterprise DLP Incidents
- Request a New Feature
-
-
- Enable Existing Data Patterns and Filtering Profiles
- Modify a DLP Rule on Strata Cloud Manager
- Create a SaaS Security Policy Recommendation to Leverage Enterprise DLP
- Reduce False Positive Detections
- Data Dictionaries
- Recommendations for Security Policy Rules
- Enterprise DLP Migrator
-
-
-
- Driver License - Australia
- Driver License - Austria
- Driver License - Belgium
- Driver License - Brazil
- Driver License - Bulgaria
- Driver License - Canada
- Driver License - China
- Driver License - Croatia
- Driver License - Cyprus
- Driver License - Czech Republic
- Driver License - Denmark
- Driver License - Estonia
- Driver License - Finland
- Driver License - France
- Driver License - Germany
- Driver License - Greece
- Driver License - Hungary
- Driver License - Iceland
- Driver License - Ireland
- Driver License - Italy
- Driver License - Japan
- Driver License - Latvia
- Driver License - Liechtenstein
- Driver License - Lithuania
- Driver License - Luxembourg
- Driver License - Malta
- Driver License - Netherlands
- Driver License - New Zealand
- Driver License - Norway
- Driver License - Poland
- Driver License - Portugal
- Driver License - Romania
- Driver License - Slovakia
- Driver License - Slovenia
- Driver License - South Africa
- Driver License - South Korea
- Driver License - Spain
- Driver License - Sweden
- Driver License - Switzerland
- Driver License - Taiwan
- Driver License - Turkey
- Driver License - UK
- Driver License - US
- Driver License - US - AK
- Driver License - US - AL
- Driver License - US - AR
- Driver License - US - AZ
- Driver License - US - CA
- Driver License - US - CO
- Driver License - US - CT
- Driver License - US - DC
- Driver License - US - DE
- Driver License - US - FL
- Driver License - US - GA
- Driver License - US - HI
- Driver License - US - IA
- Driver License - US - ID
- Driver License - US - IL
- Driver License - US - IN
- Driver License - US - KS
- Driver License - US - KY
- Driver License - US - LA
- Driver License - US - MA
- Driver License - US - ME
- Driver License - US - MI
- Driver License - US - MN
- Driver License - US - MO
- Driver License - US - MS
- Driver License - US - MT
- Driver License - US - NC
- Driver License - US - ND
- Driver License - US - NE
- Driver License - US - NH
- Driver License - US - NM
- Driver License - US - NV
- Driver License - US - NY
- Driver License - US - OH
- Driver License - US - OK
- Driver License - US - OR
- Driver License - US - PA
- Driver License - US - RI
- Driver License - US - SC
- Driver License - US - SD
- Driver License - US - TN
- Driver License - US - TX
- Driver License - US - UT
- Driver License - US - VA
- Driver License - US - VT
- Driver License - US - WA
- Driver License - US - WI
- Driver License - US - WV
- Driver License - US - WY
- National ID - Albania
- National Id - Argentina ID
- National ID - Australia
- National Id - Austria - Central Register of Residents
- National Id - Austria Social Security Card - e-card
- National ID - Bahrain
- National Id - Belgium - Citizen Service Number - BSN
- National Id - Belgium - National Registration Number
- National ID - Bosnia and Herzegovina
- National ID - Brazil
- National Id - Brazil - CNPJ
- National Id - Brazil - CPF
- National Id - Bulgaria - Uniform Civil Number
- National Id - Canada - Social Insurance Number - SIN
- National ID - Chile
- National Id - China ID
- National Id - Colombia National ID
- National ID - Costa Rica
- National Id - Croatia - Personal Identification Number
- National ID - Cuba
- National Id - Cyprus - Identity Card
- National Id - Czech - Birth Number
- National Id - Czech - National eID Card
- National Id - Denmark - CPR Number
- National ID - Dominican Republic
- National ID - Ecuador
- National ID - Egypt
- National Id - Estonia - Personal Identification Code
- National Id - Finland - Personal Identity Code - HETU
- National Id - France - INSEE
- National Id - France - Social Security Number - NIR
- National Id - Germany
- National Id - Greece
- National Id - Hong Kong ID
- National Id - Hungary - Personal Identification Number
- National Id - Iceland
- National ID - India
- National ID - Indonesia
- National ID - Iran
- National Id - Ireland - Personal Public Service Number - PPSN
- National ID - Israel
- National Id - Italy - Fiscal Code Card - Codice Fiscale
- National Id - Japan Corporate Number
- National Id - Japan My Number
- National ID - Kazakhstan
- National ID - Kuwait
- National Id - Latvia - Personal Public Service Number - PPSN
- National Id - Liechtenstein
- National Id - Lithuania
- National Id - Luxembourg
- National Id - Malaysia National ID
- National Id - Malta
- National ID - Mexico
- National ID - Moldova
- National ID - Montenegro
- National Id - Netherlands - Citizen Service Number - BSN
- National ID - North Macedonia
- National Id - Norway - Identification Number - Fødselsnummer
- National ID - Pakistan
- National ID - Paraguay
- National ID - Peru
- National ID - Philippines
- National Id - Poland
- National Id - Portugal
- National Id - Romania - Identity Card - CNP
- National ID - Russia
- National ID - Serbia
- National Id - Singapore NRIC
- National Id - Slovakia
- National Id - Slovenia
- National ID - South Africa
- National ID - South Korea
- National Id - Spain - National Identity Document - Documento Nacional de Identidad
- National ID - Sri Lanka
- National Id - Sweden - Personal Identity Number
- National ID - Switzerland
- National Id - Taiwan ID
- National Id - Thailand ID
- National Id - Turkey Identification Number
- National Id - UAE Emirates ID
- National Id - UK National Insurance Number - NINO
- National ID - Uruguay
- National Id - US Social Security Number - SSN
- National ID - Venezuela
- Passport - Australia
- Passport - Austria
- Passport - Belgium
- Passport - Brazil
- Passport - Bulgaria
- Passport - Canada
- Passport - Croatia
- Passport - Cyprus
- Passport - Czech Republic
- Passport - Denmark
- Passport - Estonia
- Passport - Finland
- Passport - France
- Passport - Germany
- Passport - Greece
- Passport - Hungary
- Passport - Iceland
- Passport - Ireland
- Passport - Italy
- Passport - Latvia
- Passport - Liechtenstein
- Passport - Lithuania
- Passport - Luxembourg
- Passport - Malta
- Passport - Netherlands
- Passport - New Zealand
- Passport - Norway
- Passport Number - China
- Passport Number - Singapore
- Passport Number - South Africa
- Passport number - South Korea
- Passport number - Taiwan
- Passport - Poland
- Passport - Portugal
- Passport - Romania
- Passport - Slovakia
- Passport - Slovenia
- Passport - Spain
- Passport - Sweden
- Passport - Switzerland
- Passport - Turkey
- Passport - UK
- Passport - US
- Tax Id - Australia
- Tax Id - Austria
- Tax Id - Belgium
- Tax Id - Brazil
- Tax Id - Bulgaria
- Tax ID - Canada
- Tax ID - China
- Tax ID - Costa Rica
- Tax Id - Cyprus
- Tax Id - Czech Republic
- Tax Id - Denmark
- Tax ID - Dominican Republic
- Tax Id - Estonia
- Tax Id - Finland
- Tax Id - France
- Tax Id - Germany
- Tax Id - Greece
- Tax Id - Hungary
- Tax Id - Iceland
- Tax Id - India - PAN
- Tax Id - Ireland
- Tax Id - Italy
- Tax ID - Japan
- Tax Id - Latvia
- Tax Id - Liechtenstein
- Tax Id - Lithuania
- Tax Id - Luxembourg
- Tax Id - Malta
- Tax Id - Netherlands
- Tax Id - New Zealand
- Tax Id - Norway
- Tax Id - Poland
- Tax Id - Portugal
- Tax Id - Romania
- Tax Id - Slovakia
- Tax Id - Slovenia
- Tax ID - South Africa
- Tax ID - South Korea
- Tax Id - Spain
- Tax Id - Sweden
- Tax Id - Switzerland
- Tax ID - Taiwan
- Tax Id - Turkey
- Tax Id - UK - UTR
- Tax Id - US - TIN
-
-
-
-
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- April 2024
- March 2024
- January 2024
- December 2023
- November 2023
- October 2023
- August 2023
- July 2023
- June 2023
- May 2023
- March 2023
- February 2023
- January 2023
- November 2022
- October 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- July 2021
- New Features in Enterprise DLP Plugin 5.0
- New Features in Enterprise DLP Plugin 4.0
- New Features in Enterprise DLP Plugin 3.0
- New Features in Enterprise DLP Plugin 1.0
-
- Known Issues in the Enterprise DLP Cloud Service
- Known Issues in Endpoint DLP
-
- Known Issues in Enterprise DLP Plugin 5.0.6
- Known Issues in Enterprise DLP Plugin 5.0.5
- Known Issues in Enterprise DLP Plugin 5.0.4
- Known Issues in Enterprise DLP Plugin 5.0.3
- Known Issues in Enterprise DLP Plugin 5.0.2
- Known Issues in Enterprise DLP Plugin 5.0.1
- Known Issues in Enterprise DLP Plugin 5.0.0
-
- Known Issues in Enterprise DLP Plugin 3.0.10
- Known Issues in Enterprise DLP Plugin 3.0.9
- Known Issues in Enterprise DLP Plugin 3.0.8
- Known Issues in Enterprise DLP Plugin 3.0.7
- Known Issues in Enterprise DLP Plugin 3.0.6
- Known Issues in Enterprise DLP Plugin 3.0.5
- Known Issues in Enterprise DLP Plugin 3.0.4
- Known Issues in Enterprise DLP Plugin 3.0.3
- Known Issues in Enterprise DLP Plugin 3.0.2
- Known Issues in Enterprise DLP Plugin 3.0.1
- Known Issues in Enterprise DLP Plugin 3.0.0
-
- Known Issues in Enterprise DLP Plugin 1.0.8
- Known Issues in Enterprise DLP Plugin 1.0.7
- Known Issues in Enterprise DLP Plugin 1.0.6
- Known Issues in Enterprise DLP Plugin 1.0.5
- Known Issues in Enterprise DLP Plugin 1.0.4
- Known Issues in Enterprise DLP Plugin 1.0.3
- Known Issues in Enterprise DLP Plugin 1.0.2
- Known Issues in Enterprise DLP Plugin 1.0.1
- Enterprise DLP Limitations
- Changes to Default Behavior
-
Setup Prerequisites for Enterprise DLP
Ports, Fully Qualified Domain Names, and IP addressed required to enable Enterprise Data Loss Prevention (E-DLP).
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
Below are the fully qualified domain names (FQDN), network ports, and IP addresses that
must be allowed on your corporate network to forward traffic for inspection and verdict
rendering to Enterprise Data Loss Prevention (E-DLP). These tables also include network settings
required for other Enterprise DLP features.
- Ports and FQDNs
- IP Addresses for Evidence Storage
- IP Addresses for Syslog Forwarding
- FQDNs for EDM
- End User Alerting
Prerequisite Ports and FQDNs for Enterprise DLP
Allow access to the following IP addresses and open ports required to successfully
forward traffic to Enterprise Data Loss Prevention (E-DLP).
Firewalls managed by a Panorama™ management server or Strata Cloud Manager need to access the
following FQDNs and ports open on the network to successfully forward traffic for
inspection by the DLP cloud service.
| FQDNs | Ports |
|---|---|
| TCP 80 |
| TCP 443 |
Prerequisite IP Addresses for Enterprise DLP Evidence Storage
Allow access to the IP addresses required to save evidence for investigative analysis
with Enterprise Data Loss Prevention (E-DLP).
Allow access to the following IP addresses on your corporate network to automatically
store and download traffic scanned by Enterprise Data Loss Prevention (E-DLP) that match your Enterprise DLP data profile for NGFW and Prisma Access tenants
managed by Panorama or Strata Cloud Manager.
- You must allow the Default IP addresses to successfully connect your evidence storage bucket to Enterprise DLP.
- To automatically store inspected files of your inspected traffic, the IP addresses you need to allow access for are dependent on the region or zone where Enterprise DLP scans traffic.
- To download stored files from your evidence storage bucket, you may also need to allow the specific user IP addresses as well. If your organization uses a virtual private network (VPN), you must allow the subnets allowed to download files from your evidence storage bucket.
Enterprise DLP requires that you allow the same IP addresses for Evidence
Storage and Syslog Forwarding on your network. You don't need to allow any
region-specific IP addresses for Evidence Storage if you have already allowed them
for Syslog Forwarding.
| Region | IP Address |
|---|---|
|
Australia
|
13.54.198.248
52.63.9.154
34.87.236.168
|
|
Canada
|
15.222.125.234
99.79.19.33
34.118.182.133
|
|
France
|
15.237.145.165
13.36.207.215
34.155.50.15
|
|
Germany
|
3.123.172.116
52.59.186.42
35.198.73.41
|
|
India
|
15.207.246.3
3.108.103.214
34.47.134.16
|
|
Japan
|
3.115.43.201
35.72.148.77
35.74.96.38
52.68.52.77
34.84.142.203
|
|
Singapore
|
13.228.151.58
52.74.82.77
34.142.217.106
|
|
U.K
|
13.43.141.10
18.169.44.228
35.177.5.4
52.56.54.90
(London, England) 35.197.230.50
|
|
(Default) U.S.A
|
3.230.176.219
3.226.106.173
18.190.146.204
3.16.224.253
34.223.123.78
52.27.148.95
34.118.182.133
35.247.194.54
34.135.174.89
34.173.206.52
34.172.74.250
34.48.104.244
35.197.73.227
34.94.161.165
34.66.246.164
35.225.238.124
35.223.231.169
34.58.60.130
35.238.28.62
34.67.76.48
104.154.217.19
35.202.179.253
34.123.101.142
|
IP Addresses for Syslog Forwarding
Allow the IP addresses required to forward DLP incident syslogs from Enterprise Data Loss Prevention (E-DLP) to manage and create workflows.
Allow the following IP addresses on your network to successfully forward
Enterprise Data Loss Prevention (E-DLP) incidents syslogs to your third-party security information and
event management (SIEM), Security Orchestration, and Response (SOAR), or other automated
ticketing systems. This enables your SOC Analysts and Incident admins to effectively
triage, review, and resolve data security risks that occur in your organization. To
forward DLP incident syslogs, the IP addresses you need to allow access for are
dependent on region or zone where the file will be scanned by Enterprise DLP.
Evidence Storage and Syslog Forwarding require you allow the same IP addresses on
your network. You don't need to allow any region-specific IP addresses for Syslog
Forwarding if already allowed for Evidence Storage.
| Region | IP Address |
|---|---|
|
Australia
|
13.54.198.248
52.63.9.154
34.87.236.168
|
|
Canada
|
15.222.125.234
99.79.19.33
34.118.182.133
|
|
France
|
15.237.145.165
13.36.207.215
34.155.50.15
|
|
Germany
|
3.123.172.116
52.59.186.42
35.198.73.41
|
|
India
|
15.207.246.3
3.108.103.214
34.47.134.16
|
|
Japan
|
3.115.43.201
35.72.148.77
35.74.96.38
52.68.52.77
34.84.142.203
|
|
Singapore
|
13.228.151.58
52.74.82.77
34.142.217.106
|
|
U.K
|
13.43.141.10
18.169.44.228
35.177.5.4
52.56.54.90
(London, England) 35.197.230.50
|
|
(Default) U.S.A
|
3.230.176.219
3.226.106.173
18.190.146.204
3.16.224.253
34.223.123.78
52.27.148.95
34.118.182.133
35.247.194.54
34.135.174.89
34.173.206.52
34.172.74.250
34.48.104.244
35.197.73.227
34.94.161.165
34.66.246.164
35.225.238.124
35.223.231.169
34.58.60.130
35.238.28.62
34.67.76.48
104.154.217.19
35.202.179.253
34.123.101.142
|
Prerequisite FQDNs for Exact Data Matching (EDM)
Fully Qualified Domain Names (FQDN) required to upload data sets for Exact Data
Matching (EDM).
To successfully create and upload data sets to Enterprise Data Loss Prevention (E-DLP) and use Exact Data Matching (EDM), you must allow
access to the following FQDNs on your network.
The EDM CLI App first hashes the data set using the SHA256 hash function when you
initiate an EDM data set upload. The EDM CLI App then encrypts the EDM data set using
AES Symmetric encryption before beginning the EDM data set upload to the Enterprise DLP EDM data set storage bucket. The raw data in your EDM data sets
never leave your organization's network, and Enterprise DLP does not store or have
access to the raw EDM data set data. Enterprise DLP stores only hashed and
encrypted EDM data set data in the EDM data set storage bucket.
- https://api.dlp.paloaltonetworks.com
- https://auth.apps.paloaltonetworks.com
- https://prod-edm-dataset-bucket.s3.us-west-2.amazonaws.com
Prerequisites for Enterprise DLP End User Alerting with Cortex XSOAR
The integrated platforms, supported applications, and configuration prerequisites
required to use the Enterprise Data Loss Prevention (E-DLP) End User Alerting with Cortex XSOAR.
Review the Palo Alto Networks product portfolio integration, supported application, and
configuration prerequisites required to use Enterprise Data Loss Prevention (E-DLP) End User Alerting
with Cortex XSOAR.
| Requirements | Panorama (Palo Alto Networks Next-Generation Firewalls) | Prisma Access (Managed by Panorama) | Strata Cloud Manager |
|---|---|---|---|
PAN-OS Release |
| N/A | |
Palo Alto Networks Product Portfolio Integration | Cortex XSOAR | ||
Supported Applications | Slack, Microsoft Teams, Email | ||
IP Mapping to Email Addresses | |||