Where Can I Use This? | What Do I Need? |
- NGFW (Managed by Panorama or Strata Cloud Manager)
- Prisma Access (Managed by Panorama or Strata Cloud Manager)
|
Or any of the following licenses that include the Enterprise DLP license
- Prisma Access CASB license
- Next-Generation
CASB for Prisma Access and NGFW (CASB-X) license
- Data Security license
|
After you
create a data pattern, you need to create a
data profile to add those data patterns and specify matches and confidence levels.
All data profiles you create are shared across
Panorama™ management server and
Strata Cloud Manager deployments associated with the tenant. All classic data
profiles created on
Panorama or
Strata Cloud Manager can be edited and
copied as needed. Viewing a data profile created on the DLP on
Panorama
requires
Panorama plugin for
Enterprise DLP 1.0.4 or later
release.
(
Panorama only) A data profile configured for detection of non-file
traffic allows you to configure URL and application exclusion lists. The URL and
application exclusion lists allow you to select
Shared URL
and application traffic to exclude from inspection. For the application exclusion
list, at least one application exclusion is required to create a data filtering
profile for inspecting non-file traffic. The predefined
DLP App
Exclusion Filter is provided containing commonly used
applications that can be safely excluded from inspection. When you create a data
filtering profile using predefined data patterns, be sure to consider the
detection type used by the predefined data
patterns because the detection type determines how
Enterprise Data Loss Prevention (E-DLP) arrives
at a verdict for scanned files. If you downgrade from PAN-OS 10.2.1 or later release
and
Enterprise DLP plugin 3.0.1 or late release to PAN-OS 10.1 and
Enterprise DLP plugin 1.0, data filtering profiles created on
Panorama
for non-file inspection are automatically converted into file-based data filtering
profiles.
When you create a data profile using predefined data patterns, be sure to consider
the
detection type used by the predefined data
patterns because the detection type determines how
Enterprise Data Loss Prevention (E-DLP) arrives
at a verdict for scanned files.
You need to
create an advanced data profile if you
want to create a data profile that combines a predefined or custom data pattern
and advanced detection methods, see