Enterprise DLP
Strata Cloud Manager
Table of Contents
Strata Cloud Manager
Strata Cloud Manager
Edit the
Enterprise Data Loss Prevention (E-DLP)
data filtering settings for Prisma Access Prisma Access (Managed by Strata Cloud Manager)
and SaaS Security
on Strata Cloud Manager
.- Log in toStrata Cloud Manager.
- Selectand edit the Data Transfer settings.ManageConfigurationData Loss PreventionSettingsData Transfer
- Edit the File Based Settings.
- Specify theMax Latency (sec)for a file upload before an action is taken byStrata Cloud Manager.For inspection of files greater than 20 MB, Palo Alto Networks recommends setting the max latency to greater than60seconds.
- Specify theAction on Max Latency(AlloworBlock)Strata Cloud Managertakes if no verdict was received for a file upload due to the upload time exceeding the configuredMax Latency.SelectingBlockapplies only to DLP rules configured to block files. This setting doesn’t impactEnterprise DLPdata profiles configured to alert when traffic containing sensitive data is scanned.
- Specify theMax File Size (MB)to enforce the maximum file size for files uploaded to the DLP cloud service for inspection.
- Specify theAction on Max File Size(BlockorAllow)Strata Cloud Managertakes if no verdict was received for a file upload due to the file size being larger than the configuredMax File Size.SelectingBlockapplies only to DLP rules configured to block files. This setting doesn’t impactEnterprise DLPdata filtering profiles configured to alert when traffic containing sensitive data is scanned.
- Check (enable)Log Files Not Scannedto generate an alert in the DLP incident when a file can’t be scanned to the DLP cloud service.
- Save.
- Edit the Non-File Based Settings.
- Enable non-file based DLP.Enable this setting to prevent exfiltration of sensitive data in non-file format traffic for collaboration applications, web forms, cloud and SaaS applications, and social media on your network
- Specify theMax Latency (sec)to configure the allowable time for a non-file data uploads to determine the allowable time before an action is taken byCloud Management.
- Specify theAction on Max Latency(AlloworBlock)Strata Cloud Managertakes if no verdict was received for a non-file traffic data upload due to the upload time exceeding the configuredMax Latency.SelectingBlockapplies only to DLP rules configured to block non-file data. This setting doesn’t impactEnterprise DLPdata profiles configured to alert when traffic containing sensitive data is scanned.
- Specify theMin Data Size (B)to enforce a minimum size for non-file data to be scanned by the DLP cloud service.
- Specify theMax Data Size (KB)to enforce a maximum size for non-file data to be scanned by the DLP cloud service.
- Specify theAction on Data File Size(AlloworBlock)Strata Cloud Managertakes if no verdict was received for a non-file traffic data upload due to the traffic data size being larger than the configuredMax Data Size.SelectingBlockapplies only to DLP rules configured to block non-file data. This setting doesn’t impactEnterprise DLPdata profiles configured to alert when traffic containing sensitive data is scanned.
- Check (enable)Log Data Not Scannedto generate an alert in the DLP incident when non-file data can’t be scanned by the DLP cloud service.
- Save.
- In the DLP Settings, specify the actionStrata Cloud Managertakes when an error is encountered while being scanned by the DLP cloud service.SelectAllowto allow the file upload to continue when an error is encountered orBlockto block the upload.Saveto apply the setting.
- Push your data filtering profile.
- Push ConfigandPush.
- Select (enable)Remote NetworksandMobile Users.
- Push.