Enterprise DLP
Set Up SFTP Storage to Save Evidence
Table of Contents
Set Up SFTP Storage to Save Evidence
Connect SFTP server to store files that match your
Enterprise Data Loss Prevention (E-DLP)
data
profiles.Where Can I Use This? | What Do I Need? |
|---|---|
|
|
To store your files scanned by the DLP cloud service, you must specify the SFTP
server connectivity information to successfully upload and write files to a target
location on the SFTP server. When the DLP cloud service uploads a file to your SFTP
server, a
reportId
folder is created by default. All
files uploaded to your SFTP server by the DLP cloud service are uploaded to the
reportId
folder within your folder path. Files
uploaded to your SFTP server are automatically named using the SFTP target folder
location, default reportId
folder, and filename. In case of connection issues to your SFTP server due to configuration error or change
in settings on the SFTP server, an email is automatically generated and sent to the
admin that originally connected
Enterprise DLP
to the SFTP server and to the
user who last modified the storage bucket connection settings. This email is sent
out every 48 hours until the connection is restored.Files that are scanned by the DLP cloud service while
Enterprise DLP
is
disconnected from your storage bucket can’t be stored and are lost. This means
that all impacted files aren’t available for download. However, all snippet data
is preserved and can still be viewed on Enterprise DLP
on the hub.File storage automatically resumes after the connection status is restored.
This procedure assumes you have already set up an SFTP server to save evidence for
investigative analysis.
Strata Cloud Manager
Strata Cloud Manager
Connect
Strata Cloud Manager
to your SFTP server to store files that match your Enterprise Data Loss Prevention (E-DLP)
data profiles.- Review the Setup Prerequisites for Enterprise DLP and enable the required ports, full qualified domain names (FQDN), and IP addresses on your network.
- Log in toStrata Cloud Manager.Access to evidence storage settings and files onStrata Cloud Manageris allowed only for an account administrator or app administrator role withEnterprise DLPread and write privileges. This is to ensure that only the appropriate users have access to report data and evidence.
- Select and select as the Public Cloud Storage Bucket.
- Review theInstructions - SFTPand clickNext.
- Input Bucket Detailsto configure the SFTP server connection settings.
- Enter theUsernameof the SFTP server user used for secure file uploads.The user is required to have read and write access to the SFTP server.
- Enter thePrivate Keyfor the SFTP server.This is required to authenticate the SSH connection to the SFTP server. ThePrivate Keymust include both theBEGIN RSA PRIVATE KEYandEND RSA PRIVATE KEYprompts.
- (Optional) Enter the publicPGP Keyto sign and encrypt files uploaded to the SFTP server.Pretty Good Privacy (PGP) is an encryption program providing privacy and authentication for data communication, and used for signing, encrypting, and decrypting files. ThePGP Keymust include both theBEGIN RSA PRIVATE KEYandEND RSA PRIVATE KEYprompts.
- Enter theHostnameof the SFTP server.TheHostnamecan be a Fully Qualified Domain Name (FQDN) or an IPv4 address.
- (Optional) Enter theFolder Pathfor uploaded files to specify the target location where files are uploaded to on the SFTP server.If noFolder Pathis specified, the DLP cloud service creates the defaultreportIdfolder at the top-most folder theUsernamehas read and write access to. The folder path for uploaded files depends on whether aFolder Pathis specified.
- Folder Path Specified—<folder path>/reportId/<file name>
- Folder Path Not Specified—/reportId/<file name>
- Enter thePortnumber through which files are uploaded to the SFTP server.Palo Alto Networks recommends using Port 22 for file uploads to your SFTP server. For uncommon ports,Enterprise DLPneeds to open the egress port for connection and upload.
- Connectto the SFTP server.As part of the setup process, a file calledPalo_Alto_Networks_DLP_Connection_Test.txtis uploaded to the targetFolder Pathon your SFTP server. Connectivity between the DLP cloud service and your SFTP server is successful if DLP cloud service successfully uploads the test file.TheConnection Statusdisplays whether the initial connection test was successful. Continue to the next step when theBucket connected successfully.ClickPreviousif the connection isn’t successful to modify the SFTP server and connection settings as needed.
- Savethe SFTP server connectivity settings.
Panorama
Panorama
Connect the DLP app to your SFTP server to store files that match your
Enterprise Data Loss Prevention (E-DLP)
data filtering profiles.- Review the Setup Prerequisites for Enterprise DLP and enable the required ports, full qualified domain names (FQDN), and IP addresses on your network.
- Log in to the DLP app on the hub.If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.Access to evidence storage settings and files on the hub is allowed only for an account administrator or app administrator roles with a validEnterprise DLPlicense associated with that support account. This is to ensure that only the appropriate users have access to report data and evidence.
- Select and select as the Public Cloud Storage Bucket.
- Review theInstructions - SFTPand clickNext.
- Input Bucket Detailsto configure the SFTP server connection settings.
- Enter theUsernameof the SFTP server user used for secure file uploads.The user is required to have read and write access to the SFTP server.
- Enter thePrivate Keyfor the SFTP server.This is required to authenticate the SSH connection to the SFTP server. ThePrivate Keymust include both theBEGIN RSA PRIVATE KEYandEND RSA PRIVATE KEYprompts.
- (Optional) Enter the publicPGP Keyto sign and encrypt files uploaded to the SFTP server.Pretty Good Privacy (PGP) is an encryption program providing privacy and authentication for data communication, and used for signing, encrypting, and decrypting files. ThePGP Keymust include both theBEGIN RSA PRIVATE KEYandEND RSA PRIVATE KEYprompts.
- Enter theHostnameof the SFTP server.TheHostnamecan be a Fully Qualified Domain Name (FQDN) or an IPv4 address.
- (Optional) Enter theFolder Pathfor uploaded files to specify the target location where files are uploaded to on the SFTP server.If noFolder Pathis specified, the DLP cloud service creates the defaultreportIdfolder at the top-most folder theUsernamehas read and write access to. The folder path for uploaded files depends on whether aFolder Pathis specified.
- Folder Path Specified—<folder path>/reportId/<file name>
- Folder Path Not Specified—/reportId/<file name>
- Enter thePortnumber through which files are uploaded to the SFTP server.Palo Alto Networks recommends using Port 22 for file uploads to your SFTP server. For uncommon ports,Enterprise DLPneeds to open the egress port for connection and upload.
- Connectto the SFTP server.As part of the setup process, a file calledPalo_Alto_Networks_DLP_Connection_Test.txtis uploaded to the targetFolder Pathon your SFTP server. Connectivity between the DLP cloud service and your SFTP server is successful if DLP cloud service successfully uploads the test file.TheConnection Statusdisplays whether the initial connection test was successful. Continue to the next step when theBucket connected successfully.ClickPreviousif the connection isn’t successful to modify the SFTP server and connection settings as needed.
- Savethe SFTP server connectivity settings.