Focus

Enterprise DLP

Edit the Enterprise DLP Snippet Settings

Table of Contents

Edit the Enterprise DLP Data Filtering Settings

Configure Syslog Forwarding for Enterprise DLP Incidents

The Enterprise Data Loss Prevention (E-DLP) snippet settings allow you to configure if and how snippets of matched traffic are stored in the DLP cloud service.

On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.

You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.

Where Can I Use This?	What Do I Need?
NGFW (Managed by Panorama or Strata Cloud Manager) Prisma Access (Managed by Panorama or Strata Cloud Manager)	Enterprise Data Loss Prevention (E-DLP) license Review the Supported Platforms for details on the required license for each enforcement point. (`Email DLP only`) Data Security and Email DLP licenses (`Endpoint DLP only`) Endpoint DLP license Or any of the following licenses that include the Enterprise DLP license Prisma Access CASB license Next-Generation CASB for Prisma Access and NGFW (CASB-X) license Data Security license

A snippet is evidence or identifiable information associated with a data pattern match. You can configure if and how Enterprise Data Loss Prevention (E-DLP) stores and masks snippets of sensitive data that match your data pattern match criteria in an Enterprise DLP data profiles in the DLP cloud service. Your snippet setting configuration determines how snippets of matched traffic are displayed when you review your DLP Incidents.

Strata Cloud Manager
Panorama
Email DLP
Endpoint DLP

Configure the Enterprise Data Loss Prevention (E-DLP) snippet settings on Strata Cloud Manager to specify if and how snippets are stored.

Log in to Strata Cloud Manager.
Select ManageConfigurationData Loss PreventionSettingsSensitive Data.
Enable Snippets Viewing and Masking for Prisma Access and NGFW to store the snippets of sensitive data that match your Enterprise DLP data patterns.
Configure how to Snippets Masking for storage in the DLP cloud service.
- Do not mask—Enterprise DLP displays the entire matched sensitive data snippet in cleartext.
- Partial mask—Enterprise DLP partially masks the matched sensitive data snippet and displays only the last two characters in cleartext.
- Full mask—Enterprise DLP fully masks the entire matched sensitive data snippet.
Push the snippet settings.
1. Push Config and Push.
2. Select (enable) Remote Networks and Mobile Users.
3. Push.

Configure the Enterprise Data Loss Prevention (E-DLP) snippet settings on your Panorama™ management server to specify if and how snippets are stored.

Log in to the Panorama web interface.
Select PanoramaDLPConfiguration and edit the Snippet Settings.
Check (enable) Store Snippets of Sensitive Data to store the snippets of sensitive data that match your data patterns in the DLP cloud service.
Configure how to Mask Sensitive Field for storage in the DLP cloud service.
- Do not mask—Enterprise DLP displays the entire matched sensitive data snippet in cleartext.
- Partial mask—Enterprise DLP partially masks the matched sensitive data snippet and displays only the last two characters in cleartext.
- Full mask—Enterprise DLP fully masks the entire matched sensitive data snippet.
Click OK to save your configuration changes.
Commit and push the new configuration to your managed firewalls.
The Commit and Push command isn’t recommended for Enterprise DLP configuration changes. Using the Commit and Push command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
- Full configuration push from Panorama
  Select CommitCommit to Panorama and Commit.
  Select CommitPush to Devices and Edit Selections.
  Select Device Groups and Include Device and Network Templates.
  Click OK.
  Push your configuration changes to your managed firewalls that are using Enterprise DLP.
- Partial configuration push from Panorama
  You must always include the temporary __dlp administrator when performing a partial configuration push. This is required to keep Panorama and the DLP cloud service in sync.
  For example, you have an admin Panorama admin user who is allowed to commit and push configuration changes. The admin user made changes to the Enterprise DLP configuration and only wants to commit and push these changes to managed firewalls. In this case, the admin user is required to also select the __dlp user in the partial commit and push operations.
  
  Select CommitCommit to Panorama.
  Select Commit Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial commit.
  In this example, the admin user is currently logged in and performing the commit operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
  Click OK to continue.
  
  Commit.
  Select CommitPush to Devices.
  Select Push Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial push.
  In this example, the admin user is currently logged in and performing the push operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
  Click OK to continue.
  
  Select Device Groups and Include Device and Network Templates.
  Click OK.
  Push your configuration changes to your managed firewalls that are using Enterprise DLP.

Configure the Email DLP snippet settings on Strata Cloud Manager to specify if and how snippets are stored.

Log in to Strata Cloud Manager.
Select ManageConfigurationSaaS SecuritySettingsEmail DLP Settings.
Configure the Snippet Viewing and Masking settings for Email DLP.
- Do not mask—Enterprise DLP displays the entire matched sensitive data snippet in cleartext.
- Partial mask—Enterprise DLP partially masks the matched sensitive data snippet and displays only the last two characters in cleartext.
- Full mask—Enterprise DLP fully masks the entire matched sensitive data snippet.

Configure the Endpoint DLP snippet settings on Strata Cloud Manager to specify if and how snippets are stored.

Log in to Strata Cloud Manager.
Select ManageConfigurationData Loss PreventionSettingsSensitive Data.
Enable Store Snippets of Sensitive Data for Endpoint DLP to store the snippets of sensitive data that match the data profile associated with your Endpoint DLP policy rule.
Configure how to Snippets Masking for storage by Enterprise DLP.
- Do not mask—Enterprise DLP displays the entire matched sensitive data snippet in cleartext.
- Partial mask—Enterprise DLP partially masks the matched sensitive data snippet and displays only the last two characters in cleartext.
- Full mask—Enterprise DLP fully masks the entire matched sensitive data snippet.
Push your new Endpoint DLP snippet settings to the Prisma Access Agent.
1. Select Endpoint DLP PolicyPush Policies and Push Policies.
2. (Optional) Enter a Description for the Endpoint DLP policy push.
3. Review the Push Policies scope to understand the changes included the Endpoint DLP configuration push.
4. Push.

Edit the Enterprise DLP Data Filtering Settings

Configure Syslog Forwarding for Enterprise DLP Incidents

Enterprise DLP Docs

Edit the Enterprise DLP Snippet Settings

Enterprise DLP Docs

Edit the Enterprise DLP Snippet Settings

Edit the Enterprise DLP Snippet Settings on Strata Cloud Manager

Edit the Enterprise DLP Snippet Settings on Panorama

Edit the Enterprise DLP Snippet Settings for Email DLP

Edit the Enterprise DLP Snippet Settings for Endpoint DLP

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner

Technical Documentation

Company

Legal Notices