Enterprise DLP
Archive and Restore a Data Pattern
Table of Contents
Archive and Restore a Data Pattern
On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP
addresses to improve performance and expand availability for these services
globally.
You must allow these new service IP addresses on your network
to avoid disruptions for these services. Review the Enterprise DLP
Release Notes for more
information.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
Effective data loss prevention requires continuous adaptation to evolving data
security needs. You can archive and restore your custom Enterprise Data Loss Prevention (E-DLP)
data patterns to help reduced configuration sprawl, administrative overhead, and
difficulty maintaining an optimized data protection strategy.
Before you can archive a data pattern, you must remove the data pattern from
all data profiles and Data Security (SaaS API) data asset policy rule you associated it
with. You can choose to recover an archived data pattern which allows for
correction of errors or adaptation to evolving requirements if you need to use an
archived data pattern once more.
Enterprise DLP generates an audit log when you archive or
restore a data pattern. The audit log includes the user who archived the pattern,
the affected data pattern, and the timestamp of when the data pattern was
archived.
Enterprise DLP doesn't support data pattern archive, restore, or rename if
your Customer Support Portal (CSP) tenant has a Panorama® management server
associated with it even if you manage your Enterprise DLP explicitly from
Strata Cloud Manager.
Archive a Data Pattern
Archive a custom, file property, or cloned Enterprise Data Loss Prevention (E-DLP) data
pattern.
- Log in to Strata Cloud Manager.Create a custom or file property data pattern, or clone a predefined data pattern to custom match criteria.Enterprise DLP doesn't supporting archiving a predefined data pattern.Select .(Optional) In the Active data patterns, apply any filters or search for the data patterns you want to archive.Select one or more data patterns to Archive.
- Archive a Single Data Pattern—You can expand the Actions settings and Archive the data pattern, or click Archive.
![]()
- Archive Multiple Data Patterns—Select the data patterns and Archive them.
![]()
Resolve any data pattern in issues errors preventing archival Archive the selected data patterns.Skip this step to confirm the archival if none of the data patterns you selected are in use.Enterprise DLP prompts you with a list of the data patterns ready to archive and those currently in use if one or more data pattern are currently being used in a data profile or a Data Security (SaaS API) data asset policy rule.In the example below four data patterns are being archived. In this case, Archive Data Pattern 2, 3, and 4 aren't in use and are ready for archival. You can Archive these data patters. Continue to the next step to confirm the archival.However, the Archive Data Pattern is in use in the Archive Data Pattern - Profile data profile. Click the Data Profile name to navigate to the data profile so you can update and remove it. After removing Archive Data Pattern, you can select and archive the data pattern. Continue to the next step to confirm the archival.![]()
You are prompted to confirm you want to archive the data patterns. Click Archive to confirm.If you selected one or more data patterns to archive, clicking Cancel deselects them.![]()
Enterprise DLP displays when it successfully archived the data pattern in the upper right-hand corner.![]()
Click Archived to view the list of archived.Enterprise DLP updates the name of the now archived data pattern to <data-pattern-name>_archived_<archive-date> where the archive date format is YYYYMMDDHRMMSSS.Enterprise DLP updates the data pattern name for all DLP incidents with the new archived data pattern name amendment after you archive a data pattern.![]()
Restore a Data Pattern
Restore an archived Enterprise Data Loss Prevention (E-DLP) data pattern.- Log in to Strata Cloud Manager.Archive one or more custom or file property data patterns, or cloned predefined data pattern data patterns.Select and select Archived.(Optional) Apply any filters or search for the data patterns you want to restore.Locate the data pattern you want to restore and expand the Actions settings to Restore the data pattern.Enterprise DLP supports restoring one data pattern at a time. You can't restore multiple data patters at once.
![]()
You are prompted to confirm you want to restore the data patterns. Click Restore to confirm.You have the option to rename the data pattern if needed. If you rename the data pattern name, Enterprise DLP automatically updates all DLP incidents and DLP incident snippets associated with the old data pattern name to the new data pattern name.Enterprise DLP generates an audit log if you rename the data pattern.Enterprise DLP updates the data pattern name for all DLP incidents with the new data pattern name if change the name when restoring the data pattern.![]()
View your Active data patterns and verify that Enterprise DLP successfully restored the data pattern.Remove any search terms if filtered your Archived data patterns using a search filter.![]()
