Use the Enterprise Data Loss Prevention (E-DLP) Migrator to migrate your Symantec DLP policy rules and convert them into SaaS Security policy rules. This allows you to quickly transition to Palo Alto Networks Enterprise DLP without the need to manually recreate all your Security policy rules designed to prevent exfiltration of sensitive data. To migrate your existing Symantec DLP policy rules, you simply need to export them from Symantec DLP in .xml format and import them into the Enterprise DLP migration tool. The imported DLP policy rules are then evaluated to verify that they are compatible with Enterprise DLP and SaaS Security. When a Symantec DLP policy rule is successfully migrated to Enterprise DLP, a data pattern and a classic data profile with names identical to the migrated policy rule are automatically created as part of the migration to capture the traffic match criteria.

If Enterprise DLP detects an incompatible DLP policy rule traffic match criteria, you can choose to delete the incompatible match criteria from the Symantec DLP policy rule before the migration begins or choose to exclude that specific Symantec DLP policy from migration. A successfully migrated Symantec DLP policy rules is added as a Disabled SaaS Security Data Asset policy rule (ManageConfigurationSaaS SecurityData SecurityPoliciesData Asset Policies). You can then review the Data Asset policy rule, make changes if needed, and enable the policy rule.