SaaS Security

Log into
Strata Cloud Manager
.
Enable Non-File Inspection.
Select
Manage
Configuration
NGFW and Prisma Access
Security Services
Decryption
and create the decryption profile and policy rule required to enable
Enterprise DLP
on
Strata Cloud Manager
.
Do not enable
Strip ALPN
in the decryption profile.
Enterprise DLP
cannot inspect egress traffic to ChatGPT if you remove application-layer protocol negotiation (ALPN) headers from decrypted traffic.
(
Optional
) Create a data pattern.
Create a custom regex data pattern to define your own match criteria. You can skip this step if you plan to use predefined or existing data patterns to define match criteria in your data filtering profile.
Create a data profile or use an existing data profile.
Select
Manage
Configuration
Data Loss Prevention
DLP Rules
and in the Actions column,
Edit
the DLP rule.
Enable
Non-File Based Match Criteria
.
DLP rules configured for non-file detection are required to prevent exfiltration of sensitive data to ChatGPT. You can further modify the DLP rule to enforce your organization’s data security standards. The DLP rule has an identical name as the data profile from which it was automatically created.
You can keep
File Based Matched Criteria
enabled or disable as needed. Enabling this setting has no impact on detection of egress traffic to ChatGPT as long as
Non-File Based Match Criteria
is enabled.

Modify the
Action
and
Log Severity
.
Modify the rest of the DLP rule as needed.
Save
.
Select
Manage
Configuration
SaaS Security
Discovered Apps
Policy Recommendations
to create a Security policy rule recommendation.
A SaaS policy rule recommendation is required to leverage the
Enterprise Data Loss Prevention (E-DLP)
data profile in
SaaS Security
.
In the Select Applications section, search for and select
ChatGPT
.

In the Data Profile section, search for and select the data profile you enabled in the previous step.
Configure the policy rule recommendation as needed.
Save
.