Save Evidence for Investigative Analysis with Enterprise DLP

Create a storage bucket to store and download files that match your Enterprise Data Loss Prevention (E-DLP) data profiles.
On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.
You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.
Where Can I Use This?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)

What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license:
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license

Configure Enterprise Data Loss Prevention (E-DLP) to automatically store evidence for traffic that matches the sensitive data match criteria in your data profiles. You can connect a single SFTP, AWS, or Azure storage bucket to forward evidence. After a user generates a DLP incident, you can download evidence of the file for further investigation.
Enterprise DLP supports evidence storage for file-based traffic, non-file-based traffic, Email DLP, and Endpoint DLP.