Enterprise DLP
Report a False Positive Detection
Table of Contents
Report a False Positive Detection
Report false positive detections by
Enterprise Data Loss Prevention (E-DLP)
to Palo Alto Networks
to improve the DLP cloud service detection accuracy.Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
In some instances,
Enterprise Data Loss Prevention (E-DLP)
may incorrectly detect and take action on
the file or network traffic that it should not have. This is called a
false positive
detection and they can cause
productivity impacts to individual employees and Enterprise DLP
administrators
alike. False positive detections are commonly caused by traffic match criteria in
predefined regular expression (regex).Report false positive detections to
Palo Alto Networks
to improve Enterprise DLP
detection accuracy for yourself and other Enterprise DLP
users. False
positive detections are reported against the DLP Incident where the false positive
detection occurred. The DLP Incident must meet the following conditions to report a
false positive detection:- Traffic matched against a predefined regular expression (regex) data patterns.
- The traffic is match is high confidence.
- There is a snippet available of the false positive detection to share withPalo Alto Networks
All selected DLP incident snippets are shared with
Palo Alto Networks
when you
submit a false positive report. The selected snippets are stored and accessible
by Palo Alto Networks
for up to 90 days to allow Palo Alto Networks
to
investigate and improve Enterprise DLP
detection accuracy.Reporting false positive detections for incidents generated from Email
DLP or
SaaS Security
are not supported. - Reviewed your data patterns, profiles, and Security policy rules to reduce false positive detections
- Select .
- In theIncidents, click theFilename of the false positive DLP incident you want to report toPalo Alto Networks.
- In theMatches within Data Profilewindow, clickReport False Positive.
- In theFalsely Detection Information, select one or more data patterns.The list of available data patterns is based on the data profile that generated a false positive detection. Only data patterns associated with the data profile are displayed.
- Select one or more snippets of false positive detections.You can select snippets from multiple data patterns associated with the data profile if selected.
- (Optional) Add aCommentto provide additional details toPalo Alto Networks.This helpsPalo Alto Networksunderstand how to improve the predefined data pattern match criteria or how to train the ML models to improve detection accuracy.ClickNext.
- A notification is displayed to confirm submission of the false positive report and that the snippet will be shared withPalo Alto Networksfor investigative purposes.ClickSubmitto report the false positive detection.