Administration
  • Administration
  • Enterprise DLP Documentation
  • All Documentation
>
Upload an Encrypted EDM Data Set to Enterprise DLP
Focus
Download PDF
Focus
  1. Home
  2. Enterprise DLP
  3. Configure Enterprise DLP
  4. Exact Data Matching (EDM)
  5. Upload an Encrypted EDM Data Set to Enterprise DLP Using a Configuration File
  6. Upload an Encrypted EDM Data Set to Enterprise DLP
Download PDF
Enterprise DLP

Upload an Encrypted EDM Data Set to Enterprise DLP

Table of Contents

Upload an Encrypted EDM Data Set to Enterprise DLP

Upload an encrypted Exact Data Matching (EDM) data set to the Enterprise Data Loss Prevention (E-DLP).
On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.
You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
Upload encrypted Exact Data Matching (EDM) data sets to the Enterprise Data Loss Prevention (E-DLP) cloud service using the EDM CLI app. The EDM CLI app supports a single EDM data set upload at a time.
  1. Create and encrypted EDM data set.
  2. Configure EDM CLI App Connectivity to Enterprise DLP if not already configured.
    If you’ve already configured the upload_config.properties file, navigate to the package-edm-secure-cli-<version>-<platform> directory where the upload_config.properties is located to modify the dataset_name value for the encrypted EDM data set you want to upload.
  3. Obtain the path for the encrypted EDM data set you created.
    In the package-edm-secure-cli-<version>-<platform> directory, open the folder containing the EDM data set and right-click the output.zip file to view the Properties. Copy the file Location.
  4. Open the terminal and navigate to the package-edm-secure-cli-<version>-<platform> directory where the EDM CLI app is located.
  5. Upload the encrypted EDM data set to the DLP cloud service.
    • Windows
      admin: edm-secure-cli.bat upload --dataset-zip-file <outpit.zip-file-location>
    • Linux
      admin: ./edm-secure-cli.sh upload --dataset-zip-file <outpit.zip-file-location>
  6. Verify that the EDM data set uploaded successfully to Enterprise DLP.
    The EDM CLI app displays a progress bar and success message to notify you whether the upload is successful.
    During the upload process, the EDM CLI app connects to Enterprise DLP to verify that you created the output.zipfile using a supported EDM CLI app version. The upload to Enterprise DLP fails if you created the output.zip file using an unsupported EDM CLI app version.
  7. Monitor the upload status of the DLP data set.
    The time it takes for an EDM data set uploaded to Enterprise DLP to be available on Strata Cloud Manager depends on the EDM data set size and internet connectivity speed. For example, a 4GB EDM data set upload typically takes about 30 minutes to display on Strata Cloud Manager and be usable in an advanced data profile.
    1. Log in to Strata Cloud Manager
    2. Select ManageConfigurationData Loss PreventionDetection MethodsExact Data Matching.
    3. The EDM data set upload is complete when the Indexing Status column displays Complete.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.