Create a Classic Data Profile
Focus
Focus
Enterprise DLP

Create a Classic Data Profile

Table of Contents

Create a Classic Data Profile

Create a classic Enterprise Data Loss Prevention (E-DLP) data profile that contains predefined, custom regular expression, or file property data patterns.
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
After you create a data pattern, you need to create a data profile to add those data patterns and specify matches and confidence levels. All data profiles you create are shared across Panorama™ management server and Strata Cloud Manager deployments associated with the tenant. All classic data profiles created on Panorama or Strata Cloud Manager can be edited and copied as needed. Viewing a data profile created on the DLP on Panorama requires Panorama plugin for Enterprise DLP 1.0.4 or later release.
(Panorama only) A data profile configured for detection of non-file traffic allows you to configure URL and application exclusion lists. The URL and application exclusion lists allow you to select Shared URL and application traffic to exclude from inspection. For the application exclusion list, at least one application exclusion is required to create a data filtering profile for inspecting non-file traffic. The predefined DLP App Exclusion Filter is provided containing commonly used applications that can be safely excluded from inspection. When you create a data filtering profile using predefined data patterns, be sure to consider the detection type used by the predefined data patterns because the detection type determines how Enterprise Data Loss Prevention (E-DLP) arrives at a verdict for scanned files. If you downgrade from PAN-OS 10.2.1 or later release and Enterprise DLP plugin 3.0.1 or late release to PAN-OS 10.1 and Enterprise DLP plugin 1.0, data filtering profiles created on Panorama for non-file inspection are automatically converted into file-based data filtering profiles.
When you create a data profile using predefined data patterns, be sure to consider the detection type used by the predefined data patterns because the detection type determines how Enterprise Data Loss Prevention (E-DLP) arrives at a verdict for scanned files.
Updating a classic data profile to include an advanced detection method such as Exact Data Matching (EDM) and custom document types set isn’t supported.
You need to create an advanced data profile if you want to create a data profile that combines a predefined or custom data pattern and advanced detection methods, see