Enterprise DLP
Modify a DLP Rule on Strata Cloud Manager
Modify an Enterprise Data Loss Prevention (E-DLP) rule to enforce data security standards for Prisma Access (Managed by Strata Cloud Manager) on Strata Cloud Manager.
Where Can I Use This? | What Do I Need? |
---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
Configure a DLP rule to define the type of traffic to inspect, the impacted file types, action,
and log severity for the data profile match criteria. Enterprise DLP
automatically creates a DLP rule when you create a new data profile. After you configure the data filtering
profile, you must create a Profile Group containing the data filtering profile and
attach it to a Security policy rule so Prisma Access can enforce your data
security standards.
- Log in to Strata Cloud Manager.
- Create a data profile.
- Select Manage > Configuration > Data Loss Prevention > DLP Rules and in the Actions column, Edit the DLP rule.
  The DLP rule has the same name as the data profile from which it was automatically created.
- (Optional) Enter a Description for the DLP rule.
- Modify the DLP rule Match Criteria.
  - File Based
    - Enable DLP rule match criteria for file-based traffic.
    - (Prisma Access 5.1 and later) Select the File Scan Mode to explicitly include or exclude specific file types.
      A DLP rule supports only one type of file mode. You can't configure a DLP rule to both include and exclude specific file types.
      - Include—Enterprise DLP only inspects the selected file types. All other file types are ignored and not sent to Enterprise DLP for inspection and verdict rendering.
      - Exclude—The NGFW or Prisma Access tenant ignores the selected file types and doesn't send them to Enterprise DLP for inspection and verdict rendering. The NGFW or Prisma Access tenant forwards all other file types to Enterprise DLP.
    - Specify one or more supported file types to include in the match criteria.
      All supported file types are included in the match criteria by default.
    - Specify the File Direction (Upload, Download, or Both).
      The default file direction is Upload. File direction support is dependent on the app. Review the list of supported apps to learn which file directions Enterprise DLP supports.
  - Non-File Based
    - Enable DLP rule match criteria for non-file based traffic.
- Configure the Action & Log settings.
  - Select the Action (Alert, or Block) taken when Enterprise DLP detects sensitive data.
    The default action is Alert.
  - Set the Log Severity when Enterprise DLP detects traffic that matches the DLP rule.
    The default severity is Low.
- Create a Shared Profile Group for the Enterprise DLP data filtering profile.
  - Select Manage > Configuration > Security Services > Profile Groups and Add Profile Group.
  - Enter a descriptive Name for the Profile Group.
  - For the Data Loss Prevention Profile, select the Enterprise DLP data profile.
  - Add any additional profiles as needed.
  - Save the profile group.
- Create a Security policy and attach the Profile Group.
  - Select Manage > Configuration > Security Policy and Add Rule.
    You can also update an existing Security policy to attach a Profile Group for Enterprise DLP filtering.
  - Configure the Security policy as needed.
  - Navigate to the Action and Advanced Inspection section, and select the Profile Group you created in the previous step.
  - Save the Security policy.
- Push Config and push your configuration changes.