Enterprise DLP
DLP App
Table of Contents
DLP App
Configure an
Enterprise Data Loss Prevention (E-DLP)
data profile on the DLP app on the hub. - Log in to the DLP app on the hub.If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
- Select.Data ProfilesAdd Data ProfileClassic Data ProfileYou can also create a new data profile by copying an existing data profile. This allows you to quickly modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.Data profiles created by copying an existing data profile are appended withCopy - <name_of_original_data_profile>. This name can be edited as needed.Adding an EDM data set to a copied data profile is supported only if the original data profile had an EDM data set to begin with. Adding an EDM data set to a data profile that doesn’t already have an EDM data set isn’t supported.
- Configure the Primary Rule for the data profile.Data pattern match criteria for traffic that you want to allow must be added to the Primary Rule. Data pattern match criteria for traffic that you want to block can be added to either Primary Rule or Secondary Rule.
- Enter a descriptiveData Profile Name.
- Add Pattern GroupandAdd Data Pattern.
- Define the match criteria.
- Data Pattern—Select a custom or predefined data pattern.
- Occurrence Condition—Specify the occurrences condition required to trigger a Security policy rule action.
- Any—Security policy rule action triggered ifEnterprise DLPdetects at least one instance of matched traffic.
- Less than or equal to—Security policy rule action triggered ifEnterprise DLPdetects instances of matched traffic, with the maximum being the specifiedCount.
- More than or equal to—Security policy rule action triggered ifEnterprise DLPdetects instances of matched traffic, with a minimum being the specifiedCount.
- Between (inclusive)—Security policy rule action triggered ifEnterprise DLPdetects any number of instances of matched traffic between the specificCountrange.
- Count—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is1-500.For example, to match a pattern that appears three or more times in a file, selectMore than or equal toas theOccurrence Conditionand specify3as theThreshold.
- Confidence—Specify the confidence level required for a Security policy rule action to be taken (HighorLow).
- (Optional)Add Data Patternto add additional data pattern match criteria to the Primary rule.
- (Optional)Add Data Pattern Groupto add additional data pattern conditions usingANDorORoperators to the Primary Rule.Refer to the descriptions above to configure any additional data pattern conditions as needed.
- (Optional) Configure a Secondary Rule.Data pattern match criteria added to the Secondary Rule block all traffic that meets the match criteria for the data patterns by default and can’t be modified. If you want to allow traffic that matches a data pattern match criteria, add it to the Primary Rule.
- Review theData Profile Previewto verify the data profile match criteria.
- Savethe data profile.
- Verify that the data profile you created.
- DLP App on the hub—Log in to the DLP app on the hub as a Superuser and selectData Profilesto view the data profile you created.
- —Log in toStrata Cloud ManagerStrata Cloud Managerand selectand search for the data profile you created.ManageConfigurationSecurity ServicesData Loss Prevention
- PanoramaandPrisma Access (Managed by Panorama)See Update a Data Profile for more information on which data profile settings are editable onPanoramafor a data profile created onStrata Cloud Manager.
- Log in to thePanoramaweb interface.
- Selectand navigate to the data profile you created.ObjectsDLPData Filtering Profiles
- (Optional) Edit the data profile Action to block traffic.The Action for a data profile created onStrata Cloud Manageris configured toAlertby default.If the data profile has both Primary and Secondary Patterns, changing the data profile Action onPanoramadeletes all Secondary Pattern match criteria.
- Select the data profile created onStrata Cloud Manager.
- Set the data profile Action toBlocktraffic that matches the data profile match criteria.
- SelectandCommitCommit toPanoramaCommit.
- ClickOK.
- SelectandCommitPush to DevicesEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- Pushyour configuration changes to your managed firewalls that are usingEnterprise DLP.
- Attach the data profile to a Security policy rule.
- —Modify a DLP Rule on Strata Cloud Manager.Prisma Access (Managed by Strata Cloud Manager)
- PanoramaandPrisma Access (Managed by Panorama)
- Log in to thePanoramaweb interface.
- Selectand specify thePoliciesSecurityDevice Group.
- Select the Security policy rule to which you want to add the data profile.
- SelectActionsand set theProfile TypetoProfiles.
- Select theData Filteringprofile you created.
- ClickOK.
- SelectCommitandCommit and Push.