Upload an Encrypted EDM Data Set to Enterprise DLP Using a Configuration File

Table of Contents

Configure EDM CLI App Connectivity to Enterprise DLP

Create an Encrypted EDM Data Set Using a Configuration File

Upload an Encrypted EDM Data Set to Enterprise DLP Using a Configuration File

Use the Exact Data Matching (EDM) CLI application to upload an encrypted hash EDM data set in CSV or TSV format using a configuration file.

On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.

You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.

Where Can I Use This?	What Do I Need?
NGFW (Managed by Panorama or Strata Cloud Manager) Prisma Access (Managed by Panorama or Strata Cloud Manager)	Enterprise Data Loss Prevention (E-DLP) license Review the Supported Platforms for details on the required license for each enforcement point. Or any of the following licenses that include the Enterprise DLP license Prisma Access CASB license Next-Generation CASB for Prisma Access and NGFW (CASB-X) license Data Security license

Where Can I Use This?

What Do I Need?

NGFW (Managed by Panorama or Strata Cloud Manager)
Prisma Access (Managed by Panorama or Strata Cloud Manager)

Enterprise Data Loss Prevention (E-DLP) license
Review the Supported Platforms for details on the required license for each enforcement point.

Or any of the following licenses that include the Enterprise DLP license

Prisma Access CASB license
Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
Data Security license

You can use the Exact Data Matching (EDM) CLI app using a configuration file to create and upload an encrypted EDM data set as two individual jobs or create and upload an encrypted EDM data set in a single job.

To ensure General Data Protection Regulation (GDPR) compliance, the EDM CLI app hashes and encrypts EDM data sets before upload to the Enterprise DLP EDM data set storage bucket. The EDM CLI app first hashes the data set using the SHA256 hash function when you initiate an EDM data set upload. The EDM CLI app then encrypts the EDM data set using AES Symmetric encryption before beginning the EDM data set upload to the Enterprise DLP EDM data set storage bucket. The raw data in your EDM data sets never leave your organization's network, and Enterprise DLP does not store or have access to the raw EDM data set data. Enterprise DLP stores only hashed and encrypted EDM data set data in the EDM data set storage bucket. Review the Enterprise DLP Privacy Datasheet for more information about how Enterprise DLP captures, processes, and stores personal information.

Configure EDM CLI App Connectivity to Enterprise DLP

Create an Encrypted EDM Data Set Using a Configuration File

Enterprise DLP Docs

Upload an Encrypted EDM Data Set to Enterprise DLP Using a Configuration File

Enterprise DLP Docs

Upload an Encrypted EDM Data Set to Enterprise DLP Using a Configuration File

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner