Data Patterns, Document Types, and Data Profiles

Predefined data patterns, document types, and data profiles included with Enterprise Data Loss Prevention (E-DLP).
Where Can I Use This?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
Use the predefined data patterns, document types, and data profiles, or create your own. You can duplicate predefined and custom data patterns and data filtering profiles if you want to add, remove, or modify data identifiers in the existing pattern or profile. However, duplication of ML-based data patterns isn’t supported.
The number of data patterns that a data profile can include depends on the management platform and release:
  • Panorama running PAN-OS 10.2.3 or earlier release and DLP plugin 3.0.3 or earlier release—A data profile supports up to 10 data patterns for a Block rule and 50 data patterns for an Alert rule.
  • Panorama running PAN-OS 10.2.4 or later release and DLP plugin 3.0.4 or later release—No limit for the number of data patterns that can be included in a data profile.
  • Panorama running PAN-OS 11.0.2 or later release and DLP plugin 4.0.1 or later release—No limit for the number of data patterns that can be included in a data profile.
  • Strata Cloud Manager—No limit for the number of data patterns or document types that can be included in a data profile.
Predefined data patterns use machine learning (ML) or regex-based detection for scanned files. All predefined data patterns include Relevant Geographies tags provided by Palo Alto Networks. These tags indicate whether a predefined data pattern applies to a specific geographic region or is globally supported. For example, the predefined Source Code - go data pattern has the Global tag because Go is a programming language used across the globe. Conversely, the predefined ID Card - USA - Driving License data pattern has the USA and North America tags because the match criteria are specific to this geographic region.
Review the lists below for all predefined data patterns, document types, and data profiles included with Enterprise Data Loss Prevention (E-DLP).

Predefined Data Patterns

Predefined regular expression (regex) data patterns available with Enterprise Data Loss Prevention (E-DLP).
Enterprise Data Loss Prevention (E-DLP) provides the following predefined regular expression (regex) data patterns and file property data patterns to all users. Palo Alto Networks also provides usage recommendations for the predefined Enterprise DLP data patterns based on general business categories: Academia, Confidential, Employment, Financial, Government, Healthcare, Legal, Marketing, or Source Code.
Pattern matching using regex is prone to false positive detections due to the nature of broad classifications. To reduce false positives, Palo Alto Networks combines Large Language Model (LLM) powered detections with context-aware ML models to improve the detection accuracy of existing predefined regex data patterns. Predefined data patterns enhanced with this additional layer of LLM-powered ML detection are marked with Augmented with ML.
  • Address Data Patterns
  • API Credentials Client ID Data Patterns
  • Bank Data Patterns
  • Bank - IBAN Data Patterns
  • Company Data Patterns
  • Credit Card Data Patterns
  • Driver License Data Patterns
  • European Health Insurance Card (EHIC) Data Patterns
  • Ethnicity Data Patterns
  • File Property Data Patterns
  • Gender Data Patterns
  • Health and Healthcare Data Patterns
  • Hardware ID Data Patterns
  • Internet Data Patterns
  • Laboratory Data Patterns
  • License Plate Data Patterns
  • Measurement Data Patterns
  • Medical Data Patterns
  • Name Data Patterns
  • National ID Data Patterns
  • Nationality Data Patterns
  • Passport Data Patterns
  • Phone Number Data Patterns
  • Postal Code Data Patterns
  • Profanity Data Patterns
  • Secret Key Data Patterns
  • Source Code Data Patterns
  • Tax ID Data Patterns

Predefined ML-Based Data Patterns

The predefined machine learning (ML) based data patterns available with Enterprise Data Loss Prevention (E-DLP).
The following are the predefined data patterns available with Enterprise Data Loss Prevention (E-DLP) that use machine learning (ML) detection for scanned files. Review the Supported Applications to learn more about the maximum file sizes Enterprise DLP supports.
  • Bank Data Patterns
  • Credit Card Data Patterns
  • Driver's License Data Patterns
  • Financial Data Patterns
  • Health and Healthcare Data Patterns
  • Legal Data Patterns
  • National ID Data Patterns
  • Passport Data Patterns
  • Secret Key Data Patterns
  • Source Code Data Patterns

Predefined Data Profiles

Table describing the predefined data profiles provided with Enterprise Data Loss Prevention (E-DLP).
The following table describes the predefined data profiles provided with Enterprise Data Loss Prevention (E-DLP):
Predefined Data Filtering Profile | Scans For
Bulk CCN | Credit card numbers or Voyager Credit card numbers (more than 100).
CCPA | California Consumer Privacy Act compliance.
Commonwealth of Australia - The Privacy Act of 1988 | Detects medical conditions or diseases and lifestyle keywords that relate to medical conditions when found with PII data such as TFN and Passport.
Corporate Financial Docs | Financial accounting and generic financial information.
Financial Information | Bank statements, bank routing numbers, credit card numbers (strict checking), bankruptcy filings.
GDPR | Driver's License numbers, Tax IDs, National IDs, Passport numbers.
Gramm-Leach-Bliley Act (GLBA) | Credit card numbers, Voyager credit card numbers, Magnetic stripe information, Tax Id-US (TIN), National ID-US, Social Security Number (SSN).
Healthcare | Clinical Laboratory Improvement Amendments (CLIA) numbers, Drug Enforcement Administration (DEA) numbers, and other healthcare documents.
HIPAA | Scans for National ID - US, Social Security Number - SSN, US - Name, Date of Birth, Medical Condition, Address - US. Identifies medical conditions or diseases, impairments lists under social security for the purposes of disability evaluation, and lifestyle keywords that relate to medical conditions.
Intellectual Property | Source code, AWS secret keys, access keys, company confidential.
Intellectual Property - Basic | Source code, AWS secret keys, access keys, company confidential. The Intellectual Property - Basic data filtering profile contains a subset of data patterns included in the Intellectual Property data filtering profile.
Legal | Legal documents including lawsuits, M&A, standard business agreements, patents, bankruptcy filings.
Personal Health Information (PHI) | Medical codes; ICD-9, ICD-10, NPI codes, Clinical Laboratory Improvement Amendments (CLIA) number, Drug Enforcement Administration (DEA) number, and more.
PHIPA | Identifies medical conditions or diseases and lifestyle keywords that relate to medical conditions. Detects if Healthcare ID is present with other medical or PII data.
PIPEDA | Detects when highly sensitive information such as SIN, Passport, or CCN exists with other PII or PCI.
Personally-Identifiable Information (PII) | Tax IDs, National IDs, Passport numbers, and Driver’s License numbers.
Personally-Identifiable Information (PII) - Basic | Tax IDs and National IDs.
POPIA | Detects personally identifiable information such as Driver's License, National ID, Passport Number, and Tax ID for South Africa.
Profanity | Censored, personal, includes/excludes, homophobic, sexual.
Secrets and Credentials | Cloud database credentials, Application credentials, API access tokens, Private keys, miscellaneous secret keys.
Self Harm | Suicidal intentions.
Sensitive Content | National ID, Bank information, AWS Secret keys or access keys, company confidential, CCN.
SOX | Identifies financial content such as invoice, personal finance, financial accounting.
U.K. PIOCP | Tax IDs or National IDs.

Predefined Document Types

Predefined document types included with Enterprise Data Loss Prevention (E-DLP).
Some predefined document types were originally predefined ML-based data patterns. If you have data profiles using a predefined document type converted from ML-based data patterns:
  • All existing data profile inspection will continue to function as expected.
  • All classic data profiles referencing the converted predefined ML-based data patterns listed below should be recreated to detect the predefined document types.
    A basic data profile is a data profile that includes only data pattern match criteria. Basic data profiles cannot be edited and must be recreated.
  • All advanced data profiles referencing the converted predefined ML-based data patterns should be updated to reference the appropriate predefined document types instead of the predefined ML-based data pattern.
    An advanced data profile is a data profile that includes any combination of data pattern, EDM, and document types match criteria.
  • Bank Document Types
  • Financial Document Types
  • Legal Document Types
  • Source Code Document Types

Supported Data Profile Actions

Supported Enterprise Data Loss Prevention (E-DLP) data profile actions.
Enterprise Data Loss Prevention (E-DLP) supports creating, reading, updating, and deleting data profiles. Review the tables below to understand where a data profile can be created, viewed, updated, and deleted based on the types of data patterns defined in the data profile.
Classic Data Profiles
Platform
Create
Read
Update
Delete
Strata Cloud Manager
Not Supported
Panorama
Advanced and Nested Data Profiles
Platform
Create
Read
Update
Delete
Strata Cloud Manager
Not Supported
Panorama
Not Supported
Not Supported
Not Supported