Data Asset Explorer
The Data Asset Explorer provides comprehensive visibility into all sensitive assets
detected across your organization.
On
May 7, 2025,
Palo Alto Networks is introducing new
Evidence Storage and
Syslog Forwarding service IP
addresses to improve performance and expand availability for these services
globally.
| Where Can I Use This? | What Do I Need? |
|---|
- NGFW (Managed by Panorama or Strata Cloud Manager)
- Prisma Access (Managed by Panorama or Strata Cloud Manager)
Prisma Browser
|
Or any of the following licenses that include the Enterprise DLP license
- Prisma Access CASB license
- Next-Generation
CASB for Prisma Access and NGFW (CASB-X) license
- Data Security license
|
The Data Asset Explorer eliminates the fragmented approach to data security that leaves
organizations vulnerable. It provides comprehensive visibility into all sensitive files,
messages, and non-file based traffic, referred to as assets, detected by Enterprise Data Loss Prevention (E-DLP) across your data security enforcement channels. The Data Asset
Explorer allows your data security admins to perform cross-channel asset discovery,
centralize your data security risk assessments, and provides enterprise-wide visibility
into sensitive assets moving to and from apps and peripherals, and across your
network.
The core concept of Data Asset Explorer is to provide a single pane of glass for viewing
and managing sensitive data assets. It allows admins to:
- Discover and inventory sensitive assets across various platforms and channels
- Analyze data sensitivities, types, and distribution patterns
- Investigate asset metadata, activities, matched policy rules, and incidents
- Visualize data leak paths and potential vulnerabilities
By centralizing this information and functionality, Data Asset Explorer enables data
security teams to make informed decisions, optimize their Security policy rules, and
enhance their overall data protection strategies. It transforms fragmented data security
management into a cohesive and efficient process to strengthen your organization's
security posture.
You can
access the Data Asset Explorer on
Strata Cloud Manager () only.
Filters
The Data Asset Explorer allows you to apply filters to narrow down the scope of
sensitive assets the Data Asset Explorer displays. Apply these filters to more
quickly identify the sensitive assets you want to investigate. The Data Asset
Explorer automatically applies any filters to the Asset Aggregates widget and
the Assets table.
Time Filter—Specify the time frame to narrow down the list of
sensitive assets. You can select Past 1 Hour,
Past 3 Hours, Past 24
Hours, Past 7 Days,
Past 30 Days, or Past 90
Days.
Region—Select the region where Enterprise DLP inspected
sensitive assets. The default Global displays all
sensitive assets detected across all regions.
- GenAI Apps Only—Toggle this filter to display only
the GenAI apps supported by Enterprise DLP.
Add Filter—Add additional filters to narrow down
the scope of assets.
Reset—Remove any of the additional filters added.
This does not remove the time, region, or GenAI apps only filters.
Asset Aggregates
Asset Aggregates Widget
The Asset Aggregates widget provides an interactive visualization to view
aggregated asset information detected by Enterprise DLP. Click on
the asset characteristics to automatically apply filters to and narrow
down the number of assets displayed. Click on the same characteristic
again to remove the filter.
The characters described below display only if Enterprise DLP has
matching data. For example, you apply the Past 7
Days filter and Asset Type
displays Data at Rest and
Data in Motion but only displays
Data in Motion when you apply the
Past 24 Hours. This is because Enterprise DLP inspected traffic for both data at rest and in
motion at some point in the last seven days, but only sensitive data in
motion detected by Enterprise DLP in the past 24 hours.
Applications—App classification for
inspected traffic.
Can be Sanctioned,
Tolerated, or
Unsanctioned.
Data Type—Data asset
file type, message, or
non-file traffic inspected by
Enterprise DLP. The Data
Asset Explorer lists the four data asset types with the largest
number of assets and displays
Others to
combine all other data asset types.
Asset Type—Type asset traffic inspected.
Can be Data at Rest or Data in
Motion.
Can be Blocked,
Alerted,
Quarantined, or
Deleted.
Data Profiles—
Data
profiles containing the match criteria the asset
inspected by
Enterprise DLP matched against. The Data Asset
Explorer lists the four data profiles with the largest number of
traffic matches and displays
Others to
combine all other data profiles.
Channels—Data security channel where Enterprise DLP inspection and verdict rendering occurred.
Can be NGFW,
Prisma Access,
Email DLP,
Endpoint DLP,
SaaS API, or PA
Browser.
Users—Top users who uploaded, downloaded,
sent messages, or generated non-file based data assets forwarded
to Enterprise DLP for inspection.
Assets by Risk—Distribution of the assets across different Risk
Scores as defined in the
DLP rule (
Strata Cloud Manager) or
data profile (
Panorama).
Top Users—Top 3 users who uploaded data assets containing
sensitive data based on the currently applied filters and the total
number of data assets.
Top Applications—Top 3 apps where users uploaded, downloaded, sent
messages, or generated non-file based data assets containing sensitive
data and the total number of data assets.
This Assets by Risk, Top Users, and Top Applications
data are a summary of the total assets based on the currently selected time
filter. Click the asset value to automatically apply the corresponding
filters to the Asset Aggregates widget.
Asset List
List of all data assets inspected by Enterprise DLP. This list dynamically
updates based on the currently applied filters.
Last Modified—Date and time Enterprise DLP inspected the
asset, message, or non-file based traffic.
Name—Name of the asset inspected by Enterprise DLP. Click the
asset Name to view the asset details.
Channel—Data security channel that forwarded the asset to Enterprise DLP for inspection.
Can be NGFW,
Prisma Access,
Email DLP, Endpoint
DLP, SaaS API, or
PA Browser.
Data Risk Score—A
Data risk score assigned to the
asset to measure the overall risk the asset poses to your
organization.
(
Data Security only)
Exposure—
Exposure level describing the
accessibility of the asset.
Data Profiles—One or more
Data profiles containing the
match criteria the asset inspected by
Enterprise DLP matched
against.
Application Name—App-ID of the destination or source app.
User—User who uploaded or downloaded the asset to the destination
or source app. If you enabled
Cloud Identity Engine (CIE),
the user identification displays here.
File Format—File format of the asset inspected by Enterprise DLP.
(Email File Format only) Actions—Expand the Actions menu
to open the email inspected by Enterprise DLP.
Asset Details
The Asset Details provides detailed information about the asset inspected by Enterprise DLP.
General Info—General information of the asset that includes
information such as the asset name, type, and the data security channel
where Enterprise DLP detected the asset.
Data—Information about the asset. This can include the data risk
score, the size of the asset, the data profiles containing the match
criteria the asset matched against, and the data type of the asset.
User—Information about the users who own the asset or have
uploaded or download the asset, sent a message, or generated
non-file-based traffic.
(
SaaS API Channel only)
Exposure—
Data Security
exposure level information.
Application—Information about the specific source or destination
app including the App-ID and classification.
Matches Within Data Profile—Displays snippets of the asset that
matched the data pattern match criteria within the data profile.
Policies—Policy rules that match the selected asset.
User Activities—Information about the users who uploaded,
downloaded, sent messages, or generated non-file based data assets.
