Advanced Enterprise DLP Incident Filter
What's New in the NetSec Platform


You can now build complex filter queries using SQL-like syntax to quickly locate specific Enterprise Data Loss Prevention (E-DLP) incidents.
Managing large volumes of Enterprise Data Loss Prevention (E-DLP) incidents across multiple channels can make it challenging to locate specific incidents that require immediate attention. Sifting through hundreds or thousands of incidents to find those matching complex criteria, such as excluding specific asset types, filtering by multiple channels, or combining severity levels with file patterns, consumes valuable time and delays your incident response.
You can now use advanced filtering to construct sophisticated queries using SQL-like filter syntax. The advanced filter mode provides intelligent autocomplete suggestions for filter keys, operators, and values, so you can build complex queries such as:
Asset != 'http-put-post' AND Severity IN ('Critical', 'High')
Asset CONTAINS('pdf', 'txt') AND Channel = 'NGFW'
You can combine multiple conditions using the AND connector, apply pattern matching with CONTAINS and NOT CONTAINS operators for asset names and URL domains, and use equality operators like IN, NOT IN, IS NULL, and IS NOT NULL to refine your search criteria.
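To show how the two sample queries select incidents, the following added example (not product code) applies the same filter syntax to a constructed list of incident records. The record layout, the `parse` and `filter_incidents` helpers, and the matching semantics noted in the comments are assumptions; the page does not define them.

```python
import re

# Assumed semantics (the page does not define them): comparisons are
# case-sensitive, CONTAINS matches if ANY listed substring occurs, and a
# missing (NULL) field satisfies only IS NULL, != and NOT IN / NOT CONTAINS.
AND_SPLIT = re.compile(r"\s+AND\s+(?=(?:[^']*'[^']*')*[^']*$)")  # AND outside quotes
COND = re.compile(
    r"^\s*(\w+)\b\s*(!=|=|NOT\s+IN|IN|NOT\s+CONTAINS|CONTAINS|"
    r"IS\s+NOT\s+NULL|IS\s+NULL)\s*(.*?)\s*$", re.I | re.S)

OPS = {
    "=": lambda f, v: f == v[0],
    "!=": lambda f, v: f != v[0],
    "IN": lambda f, v: f in v,
    "NOT IN": lambda f, v: f not in v,
    "CONTAINS": lambda f, v: f is not None and any(s in f for s in v),
    "NOT CONTAINS": lambda f, v: f is None or not any(s in f for s in v),
    "IS NULL": lambda f, v: f is None,
    "IS NOT NULL": lambda f, v: f is not None,
}

def parse(query):
    """Turn a filter string into a list of (key, operator, values) tuples."""
    conditions = []
    for part in AND_SPLIT.split(query):
        m = COND.match(part)
        if not m:
            raise ValueError(f"cannot parse condition: {part!r}")
        op = " ".join(m.group(2).upper().split())
        values = re.findall(r"'([^']*)'", m.group(3))
        if not values and "NULL" not in op:
            raise ValueError(f"operator {op} needs a quoted value: {part!r}")
        conditions.append((m.group(1), op, values))
    return conditions

def filter_incidents(incidents, query):
    """Return the ids of incidents that satisfy every AND-ed condition."""
    conds = parse(query)
    return [i["id"] for i in incidents
            if all(OPS[op](i.get(key), vals) for key, op, vals in conds)]

# Constructed sample records; field values are illustrative only.
INCIDENTS = [
    {"id": 1, "Asset": "report.pdf", "Severity": "Critical", "Channel": "NGFW"},
    {"id": 2, "Asset": "http-put-post", "Severity": "High", "Channel": "NGFW"},
    {"id": 3, "Asset": "notes.txt", "Severity": "Low", "Channel": "Email"},
    {"id": 4, "Asset": None, "Severity": "High", "Channel": "NGFW"},
]
```

With these records, the first sample query keeps incidents 1 and 4 and the second keeps only incident 1; incident 4 shows why a NULL asset needs an explicit IS NOT NULL condition if it should be excluded from a `!=` filter under the assumed semantics.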
Advanced filtering accelerates your security operations by enabling you to rapidly isolate critical incidents, filter out false positives, and focus investigation efforts on the incidents that pose the greatest risk to your organization.