On
May 7, 2025,
Palo Alto Networks is introducing new
Evidence Storage and
Syslog Forwarding service IP
addresses to improve performance and expand availability for these services
globally.
| Where Can I Use This? | What Do I Need? |
|---|
- NGFW (Managed by Strata Cloud Manager)
- Prisma Access (Managed by Strata Cloud Manager)
Prisma Browser
|
Or any of the following licenses that include the Enterprise DLP license
- Prisma Access CASB license
- Next-Generation
CASB for Prisma Access and NGFW (CASB-X) license
- Data Security license
|
Effective data loss prevention requires continuous adaptation to evolving data
security needs. You can archive and restore your custom Enterprise Data Loss Prevention (E-DLP)
data patterns to help reduce configuration sprawl, administrative overhead, and
difficulty maintaining an optimized data protection strategy.
Before you can
archive a data pattern, you must remove the data pattern from
all data profiles and
Data Security (SaaS API)
data asset policy rule you associated it
with. You can choose to
recover an archived data pattern which allows for
correction of errors or adaptation to evolving requirements if you need to use an
archived data pattern once more.
Enterprise DLP generates an
audit log when you archive or
restore a data pattern. The audit log includes the user who archived the pattern,
the affected data pattern, and the timestamp of when the data pattern was
archived.
Enterprise DLP doesn't support data pattern archive, restore, or rename if
your Customer Support Portal (CSP) tenant has a Panorama® management server
associated with it even if you manage your Enterprise DLP explicitly from
Strata Cloud Manager.
Archive a Data Pattern
Archive a custom, file property, or cloned Enterprise Data Loss Prevention (E-DLP) data
pattern.
Log in to
Strata Cloud Manager.
Create a
custom or
file property data pattern, or
clone a predefined data
pattern to custom match criteria.
Enterprise DLP doesn't supporting archiving a predefined data
pattern.
Select .
(
Optional) In the
Active data patterns, apply
any filters or search for the data patterns you want to archive.
Select one or more data patterns to
Archive.
Archive a Single Data Pattern—You can expand the
Actions settings and
Archive the data pattern, or click
Archive.
Archive Multiple Data Patterns—Select the data patterns and
Archive them.
Resolve any data pattern in issues errors preventing archival Archive the
selected data patterns.
Skip this step to confirm the archival if none of the data patterns you
selected are in use.
Enterprise DLP prompts you with a list of the data patterns ready to
archive and those currently in use if one or more data pattern are currently
being used in a
data profile or a
Data Security (SaaS API)
data asset policy rule.
In the example below four data patterns are being archived. In this case,
Archive Data Pattern 2,
3, and 4
aren't in use and are ready for archival. You can
Archive these data patters. Continue to the next
step to confirm the archival.
However, the
Archive Data Pattern is in use in
the
Archive Data Pattern - Profile data
profile. Click the
Data Profile name to navigate to
the data profile so you can
update and remove it.
After removing
Archive Data Pattern, you can
select and archive the data pattern. Continue to the next step to confirm
the archival.
You are prompted to confirm you want to archive the data patterns. Click
Archive to confirm.
If you selected one or more data patterns to archive, clicking
Cancel deselects them.
Enterprise DLP displays when it successfully archived the data pattern in
the upper right-hand corner.
Click
Archived to view the list of archived.
Enterprise DLP updates the name of the now archived data pattern to
<data-pattern-name>_archived_<archive-date>
where the archive date format is
YYYYMMDDHRMMSSS.
Enterprise DLP updates the data pattern name for all
DLP incidents with the new archived data pattern
name amendment after you archive a data pattern.
Restore a Data Pattern
Restore an archived Enterprise Data Loss Prevention (E-DLP) data pattern.
Log in to
Strata Cloud Manager.
Archive one or more
custom or
file property data patterns, or
cloned predefined data
pattern data patterns.
Select and select
Archived.
(
Optional) Apply any filters or search for the data patterns you want
to restore.
Locate the data pattern you want to restore and expand the
Actions settings to
Restore
the data pattern.
Enterprise DLP supports restoring one data pattern at a time. You can't
restore multiple data patters at once.
You are prompted to confirm you want to restore the data patterns. Click
Restore to confirm.
You have the option to rename the data pattern if needed. If you rename the
data pattern name, Enterprise DLP automatically updates all DLP
incidents and DLP incident snippets associated with the old data pattern
name to the new data pattern name.
Enterprise DLP generates an audit log if you rename the data
pattern.
Enterprise DLP updates the data pattern name for all
DLP incidents with the new data pattern name if
change the name when restoring the data pattern. It takes about 10 minutes
for the new data pattern name to reflect in the Incident Manager for
existing and new incidents.
View your
Active data patterns and verify that
Enterprise DLP successfully restored the data pattern.
Remove any search terms if filtered your
Archived data patterns using a search
filter.
