Data Profiles

Create and configure an Enterprise Data Loss Prevention (E-DLP) profile.
On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.
You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.
Where Can I Use This?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license:
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
To get started, you’ll first create a data pattern that specifies the information types and fields that you want the firewall to filter. Then, you attach that pattern to a data filtering profile, which specifies how you want to enforce the content that the firewall filters. Add the data filtering profile to a Security policy rule to start filtering traffic matching the rule.
Enterprise Data Loss Prevention (E-DLP) profiles specify how you want to enforce the sensitive content that you’re filtering. Predefined data profiles have data patterns that include industry-standard data identifiers, keywords, and built-in logic in the form of machine learning, regular expressions, and checksums for legal and financial data patterns.
Enterprise DLP profiles are active only when they’re attached to a Security policy rule; they scan traffic that matches the rule. If a user uploads a file that matches a data pattern, an alert is triggered or the file is blocked (depending on the action you define in the DLP profile).
You can't delete data profiles after creation. See the Supported Data Profile Actions for more information on the data profile actions Enterprise DLP supports.
Profile Activity
Description
On Strata Cloud Manager, a classic data profile is a data profile that includes only regular expression (regex) match criteria or a data dictionary.
Enterprise DLP considers a data filtering profile created on Panorama as a classic data profile as well.
An advanced data profile is a data profile that can include predefined ML-based data profiles and AI/ML and cloud-based advanced detection methods.
A nested data profile contains multiple data profiles and enables your data security administrator to consolidate the match criteria for preventing exfiltration of sensitive data into a single data profile that you can associate with a single Security policy rule.
For a nested data profile, the DLP rule settings apply to all data profiles added to the nested data profile.
A granular data profile contains multiple data profiles and enhances your detection capabilities by enabling your data security administrators to apply differentiated inline content inspection requirements and response actions within the same Security policy rule.
For a granular data profile, your data security administrator configures the DLP rule settings for each data profile added to the granular data profile.
Update a classic, advanced, nested, or granular data profile to update the match criteria and settings.
Test the efficacy of your data profiles on Strata Cloud Manager before pushing them to your enforcement points.
Resolve data profile synchronization conflicts between Strata Cloud Manager and Panorama. These conflicts can lead to configuration commit failures or to data filtering profiles being silently overwritten, which can cause security disruptions and protection gaps.