Create an Advanced Data Profile

Create an advanced Enterprise Data Loss Prevention (E-DLP) data profile containing any combination of custom and file property data patterns, and advanced detection methods such as EDM and custom document types.
Where Can I Use This?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license:
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
Advanced data profiles are data profiles that can contain any combination of predefined, custom regex, or file property data patterns and advanced detection methods such as EDM data sets and custom document types. Enterprise DLP synchronizes advanced data profiles between Panorama and Strata Cloud Manager.
When you create a data profile using predefined data patterns, be sure to consider the detection type used by the predefined data patterns because the detection type determines how Enterprise DLP arrives at a verdict for scanned files.
Updating an advanced data profile to include only data patterns isn’t supported if the advanced data profile included at least one data pattern and advanced detection method when it was initially created. However, updating a data profile that includes data patterns and advanced detection methods to include only advanced detection methods is supported.
To create a data profile containing only predefined or custom data patterns, Create a Classic Data Profile instead.
  1. Log in to Strata Cloud Manager.
  2. Select Manage > Configuration > Data Loss Prevention > Data Profiles and Add Data Profile > Advanced Data Profile.
    You can also create a new data profile by copying an existing data profile. This allows you to quickly modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.
    Data profiles created by copying an existing data profile are appended with Copy - <name_of_original_data_profile>. This name can be edited as needed.
    Adding an EDM data set to a copied data profile is supported only if the original data profile had an EDM data set to begin with. Adding an EDM data set to a data profile that doesn’t already have an EDM data set isn’t supported.
  3. Configure the Primary Rule for the data profile.
    Data pattern match criteria for traffic that you want to allow must be added to the Primary Rule. Data pattern match criteria for traffic that you want to block can be added to either Primary Rule or Secondary Rule.
    1. Enter a descriptive Data Profile Name.
    2. Select the data pattern operator (AND or OR).
    3. Add Data Pattern.
    4. Define the data profile match criteria.
      • Data Patterns
      • Data Dictionary
      • Custom Document Types
      • EDM
      • Group
  4. (Optional) Configure a Secondary Rule.
    Data pattern match criteria added to the Secondary Rule block all traffic that meets the match criteria for the data patterns by default and can’t be modified. If you want to allow traffic that matches data pattern match criteria, add the criteria to the Primary Rule.
  5. Review the Data Profile Preview to verify the data profile match criteria.
  6. Save the data profile.
  7. Test a Data Profile to verify it accurately detects the sensitive data you configured it to detect.
  8. In Data Profiles, search for the data profile you created to verify it was successfully created.
  9. Modify a DLP Rule on Strata Cloud Manager to attach the data profile to a Security policy rule.
    The DLP Rule defines the type of traffic to inspect, the impacted file types, action, log severity, and more for the data profile match criteria. Enterprise DLP automatically creates a DLP rule with the same name as the data profile from which it was created.