>
    Enable Exact Data Matching (EDM)
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Configure Enterprise DLP
    4. Exact Data Matching (EDM)
    5. Enable Exact Data Matching (EDM)
    Download PDF
    Enterprise DLP

    Enable Exact Data Matching (EDM)

    Table of Contents

    Enable Exact Data Matching (EDM)

    Enable Exact Data Matching (EDM) on Strata Cloud Manager and the DLP app on the hub.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Panorama or Strata Cloud Manager)
    • Prisma Access (Managed by Panorama or Strata Cloud Manager)
    • Enterprise Data Loss Prevention (E-DLP) license
      Review the Supported Platforms for details on the required license for each enforcement point.
    Or any of the following licenses that include the Enterprise DLP license
    • Prisma Access CASB license
    • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
    • Data Security license
    Exact Data Matching (EDM) is an advanced detection tool to monitor and protect sensitive data from exfiltration. Use EDM to detect sensitive and personally identifiable information (PII) such as social security numbers, Medical Record Numbers, bank account numbers, and credit card numbers, in a structured data source such as databases, directory servers, or structured data files (CSV and TSV), with high accuracy. You must first enable EDM for Enterprise Data Loss Prevention (E-DLP) to upload hash encrypted EDM data sets to the DLP cloud services to use as match criteria in advanced data profiles.
    It might take 24-48 hours for Palo Alto Networks to enable EDM functionality.

    Strata Cloud Manager

    Enable Exact Data Matching (EDM) on Strata Cloud Manager to upload encrypted EDM data sets.
    1. Log in to Strata Cloud Manager.
    2. Select ManageConfigurationData Loss PreventionDetection MethodsExact Data Matching.
    3. Enable EDM.
      Review and Close the EDM confirmation that your OCR enablement request was successfully submitted.
    4. Cloud Management displays Enablement Request Sent while your enablement request is pending.
    5. Set Up the EDM CLI Application after EDM is enabled on Cloud Management.
      EDM functionality is enabled when you can download the EDM CLI application and view the table where uploaded EDM data sets will be displayed.

    DLP App

    Enable Exact Data Matching (EDM) on the DLP app on the hub to upload encrypted EDM data sets.
    1. Log in to the DLP app on the hub.
      If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
    2. Select Detection MethodsExact Data Matching.
    3. Request Enablement.
    4. When prompted, click Send Request to confirm your request to enable EDM.
    5. The DLP app on the hub displays Enable Request Sent while your enablement request is pending.
    6. Set Up the EDM CLI Application after EDM is enabled on the DLP app.
      EDM functionality is enabled when you can download the EDM CLI application and view the table where uploaded EDM data sets will be displayed.

    © 2024 Palo Alto Networks, Inc. All rights reserved.