Prerequisite FQDNs for Exact Data Matching (EDM)
Focus
Focus
Enterprise DLP

Prerequisite FQDNs for Exact Data Matching (EDM)

Table of Contents


Prerequisite FQDNs for Exact Data Matching (EDM)

Fully Qualified Domain Names (FQDN) required to upload data sets for Exact Data Matching (EDM).
To ensure General Data Protection Regulation (GDPR) compliance, the EDM CLI app hashes and encrypts EDM data sets before upload to the Enterprise DLP EDM data set storage bucket. The EDM CLI app first hashes the data set using the SHA256 hash function when you initiate an EDM data set upload. The EDM CLI app then encrypts the EDM data set using AES Symmetric encryption before beginning the EDM data set upload to the Enterprise DLP EDM data set storage bucket. The raw data in your EDM data sets never leave your organization's network, and Enterprise DLP does not store or have access to the raw EDM data set data. Enterprise DLP stores only hashed and encrypted EDM data set data in the EDM data set storage bucket. Review the Enterprise DLP Privacy Datasheet for more information about how Enterprise DLP captures, processes, and stores personal information.
You need to allow the following FQDNs on your network to use EDM:
  • API Egressβ€”https://api.dlp.paloaltonetworks.com
    Required for commercial and FedRAMP users to allow egress access to Enterprise DLP EDM API and allow EDM functionality on your network.
  • EDM Client Authorizationβ€”https://auth.apps.paloaltonetworks.com
    Required for Enterprise DLP to authorize EDM client tokens for commercial and FedRAMP users.
  • (FedRAMP High only) FedRAMP High Authorizationβ€”https://auth.fed.apps.paloaltonetworks.us
    Required by FedRAMP High users to authorize Enterprise DLP EDM functionality on your network.
  • EDM Data Set Uploadsβ€”The country-specific Public API URL and Storage Bucket FQDNs where you want EDM data sets stored.
    You must allow both FQDNs to successfully upload hashed and encrypted EDM data sets to an Enterprise DLP storage bucket.
  • Country Storage Buckets
    Country
    Public API URL
    Storage Bucket
    Australia
    https://au-oauth.dss.paloaltonetworks.com
    https://prod-edm-dataset-bucket.s3.ap-southeast-2.amazonaws.com
    Canada
    https://ca-oauth.dss.paloaltonetworks.com
    https://prod-edm-dataset-bucket.s3.ca-central-1.amazonaws.com
    France
    https://fr-oauth.dss.paloaltonetworks.com
    https://prod-edm-dataset-bucket.s3.eu-west-3.amazonaws.com
    Germany
    https://emea-oauth.dss.paloaltonetworks.com
    https://prod-edm-dataset-bucket.s3.eu-central-1.amazonaws.com
    India
    https://in-oauth.dss.paloaltonetworks.com
    https://prod-edm-dataset-bucket.s3.ap-south-1.amazonaws.com
    Japan
    https://jp-saas-oauth.dss.paloaltonetworks.com
    https://prod-edm-dataset-bucket.s3.ap-northeast-1.amazonaws.com
    Singapore
    https://apac-oauth.dss.paloaltonetworks.com
    https://prod-edm-dataset-bucket.s3.ap-southeast-1.amazonaws.com
    Switzerland
    https://sui-oauth.dss.paloaltonetworks.com
    https://prod-edm-dataset-bucket.s3.eu-central-2.amazonaws.com
    United Kingdom
    https://uk-oauth.dss.paloaltonetworks.com
    https://prod-edm-dataset-bucket.s3.eu-west-2.amazonaws.com
    United States
    https://nam-west-oauth.dss.paloaltonetworks.com
    https://prod-edm-dataset-bucket.s3.us-west-2.amazonaws.com
  • FedRAMP Storage Buckets
    Country
    Public API URL
    Storage Bucket
    FedRAMP Impact Level
    United States
    https://apigov.dlp.pubsec-cloud.paloaltonetworks.com
    https://prod-edm-dataset-bucket.us-gov-west-1.amazonaws.com
    Moderate
    United States
    https://api-gov.dlp.paloaltonetworks.com
    https://prod-edm-dataset-bucket.us-gov-west-1.amazonaws.com
    High