Enterprise DLP
Prerequisite FQDNs for Exact Data Matching (EDM) and Data Dictionaries
Table of Contents
Expand All
|
Collapse All
Enterprise DLP Docs
Prerequisite FQDNs for Exact Data Matching (EDM) and Data Dictionaries
Fully Qualified Domain Names (FQDN) required to upload data sets for Exact Data
Matching (EDM).
To ensure General Data Protection Regulation (GDPR) compliance, the EDM CLI app hashes
and encrypts EDM data sets before upload to the Enterprise DLP EDM data set storage
bucket. The EDM CLI app first hashes the data set using the SHA256 hash function when
you initiate an EDM data set upload. The EDM CLI app then encrypts the EDM data set
using AES Symmetric encryption before beginning the EDM data set upload to the Enterprise DLP EDM data set storage bucket. The raw data in your EDM data sets
never leave your organization's network, and Enterprise DLP does not store or have
access to the raw EDM data set data. Enterprise DLP stores only hashed and
encrypted EDM data set data in the EDM data set storage bucket. Review the Enterprise DLP
Privacy Datasheet for more information about
how Enterprise DLP captures, processes, and stores personal information.
You need to allow the following FQDNs on your network to use EDM:
- API Egressβhttps://api.dlp.paloaltonetworks.comRequired for commercial and FedRAMP users to allow egress access to Enterprise DLP EDM API and allow EDM functionality on your network.
- EDM Client Authorizationβhttps://auth.apps.paloaltonetworks.comRequired for Enterprise DLP to authorize EDM client tokens for commercial and FedRAMP users.
- (FedRAMP High only) FedRAMP High Authorizationβhttps://auth.fed.apps.paloaltonetworks.usRequired by FedRAMP High users to authorize Enterprise DLP EDM functionality on your network.
- EDM Data Set and Data Dictionary UploadsβThe country-specific Public API URL and Storage Bucket FQDNs where you want EDM data sets and data dictionaries stored.You must allow both FQDNs to successfully upload hashed and encrypted EDM data sets or a data dictionary to an Enterprise DLP storage bucket.
- Country Storage BucketsCountryPublic API URLStorage BucketAustraliahttps://au-oauth.dss.paloaltonetworks.comhttps://prod-edm-dataset-bucket.s3.ap-southeast-2.amazonaws.comCanadahttps://ca-oauth.dss.paloaltonetworks.comhttps://prod-edm-dataset-bucket.s3.ca-central-1.amazonaws.comFrancehttps://fr-oauth.dss.paloaltonetworks.comhttps://prod-edm-dataset-bucket.s3.eu-west-3.amazonaws.comGermanyhttps://emea-oauth.dss.paloaltonetworks.comhttps://prod-edm-dataset-bucket.s3.eu-central-1.amazonaws.com
India https://in-oauth.dss.paloaltonetworks.comhttps://prod-edm-dataset-bucket.s3.ap-south-1.amazonaws.comJapanhttps://jp-saas-oauth.dss.paloaltonetworks.comhttps://prod-edm-dataset-bucket.s3.ap-northeast-1.amazonaws.comSingaporehttps://apac-oauth.dss.paloaltonetworks.comhttps://prod-edm-dataset-bucket.s3.ap-southeast-1.amazonaws.comSwitzerlandhttps://sui-oauth.dss.paloaltonetworks.comhttps://prod-edm-dataset-bucket.s3.eu-central-2.amazonaws.comUnited Kingdomhttps://uk-oauth.dss.paloaltonetworks.comhttps://prod-edm-dataset-bucket.s3.eu-west-2.amazonaws.comUnited States https://nam-west-oauth.dss.paloaltonetworks.comhttps://prod-edm-dataset-bucket.s3.us-west-2.amazonaws.com - FedRAMP Storage BucketsCountryPublic API URLStorage BucketFedRAMP Impact Level
United States https://apigov.dlp.pubsec-cloud.paloaltonetworks.comhttps://prod-edm-dataset-bucket.us-gov-west-1.amazonaws.comModerateUnited States https://api-gov.dlp.paloaltonetworks.comhttps://prod-edm-dataset-bucket.us-gov-west-1.amazonaws.comHigh