Data Dictionaries

Table of Contents

Data Dictionaries

Data dictionaries allow you to add keywords to advanced Enterprise Data Loss Prevention (E-DLP) data profiles to more accurately identify and prevent sensitive data exfiltration.

On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.

You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.

Where Can I Use This?	What Do I Need?
NGFW (Managed by Panorama or Strata Cloud Manager) Prisma Access (Managed by Panorama or Strata Cloud Manager) Prisma Browser	Enterprise Data Loss Prevention (E-DLP) license Review the Supported Platforms for details on the required license for each enforcement point. Or any of the following licenses that include the Enterprise DLP license Prisma Access CASB license Next-Generation CASB for Prisma Access and NGFW (CASB-X) license Data Security license

Where Can I Use This?

What Do I Need?

NGFW (Managed by Panorama or Strata Cloud Manager)
Prisma Access (Managed by Panorama or Strata Cloud Manager)
Prisma Browser

Enterprise Data Loss Prevention (E-DLP) license
Review the Supported Platforms for details on the required license for each enforcement point.

Or any of the following licenses that include the Enterprise DLP license

Prisma Access CASB license
Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
Data Security license

Data dictionaries are a collection of one or more keywords or phrases that you want to detect and prevent exfilitration. A data dictionary is added as a match criteria alongside the other supported match criteria in data profile to increase the Enterprise Data Loss Prevention (E-DLP) detection accuracy.

You can add multiple data dictionaries to a single data profile. For example, you create an advanced data profile with the OR condition and multiple match criteria Groups. You can add a unique data dictionary for each match criteria group to ensure high detection accuracy for each OR match criteria conditions.

Review the requirements to upload a data dictionary to Enterprise DLP:

Up to 100 custom dictionaries are supported per tenant
Only .csv and .txt file types are supported.
Files up to 1 MB are supported.
Up to 2,500 keywords per data dictionary
Maximum of 128 characters and minimum of 3 characters per word
Files containing double byte characters, for example Chinese Japanese, and Korean, are supported

Add a Data Dictionary

Add a new data dictionary to Enterprise Data Loss Prevention (E-DLP).

If you want to upload a data dictionary to a region-specific storage bucket, allow the region-specific Public API URL and Storage Bucket on your network.
Log in to Strata Cloud Manager.
Select ConfigurationData Loss PreventionDetection MethodsData Dictionary and Add Custom Dictionary.
Enter a descriptive Name for the data dictionary.

The data dictionary must have a unique name. The upload fails if a data dictionary with an identical name already exits.

Special characters are not supported.
(Optional) Enter a Description for the data dictionary.

Enterprise DLP doesn't support special characters in the data dictionary description.
Select the data dictionary Category.

Enterprise DLP uses the data dictionary category to group together similar types of data dictionaries for administrative purposes.

You can specify one of the following predefined categories—Academia, Confidential, Employment, Financial, Government, Healthcare, Legal, Marketing, or Source Code.
Select the Region where you want to upload and store your data dictionary.
Specify whether keywords are Case Sensitive.

This settings instructs Enterprise DLP to treat uppercase and lowercase letters for all keywords in the data dictionary as distinct (case sensitive) if enabled or as equivalent (case insensitive) if disabled.
In the Keywords section, drag and drop the data dictionary file or Browse Files to navigate to and select the data dictionary file.

Only one data dictionary file can be uploaded at a time. Upload will fail if you attempt to upload multiple data dictionaries at one time.

Enterprise DLP displays a preview of the keywords and the total number of keywords included in the data dictionary you uploaded. The Keywords Differences section specifies that you're adding new keywords. You can click View All to view the full list of keywords.

You have the option to Edit and modify the keyword list if needed. View the Update procedure for details about editing a data dictionary you uploaded to Enterprise DLP.
Create the new data dictionary.
Verify that the data dictionary was successfully uploaded.
Create or modify a data profile to add your data dictionary.

Data dictionaries compliment the match criteria in your advanced and nested data profiles and increase the likelihood of positive detections.

Update a Data Dictionary

Update the settings and keywords in an existing data dictionary.

If you want to upload a data dictionary to a region-specific storage bucket, allow the region-specific Public API URL and Storage Bucket on your network.
Log in to Strata Cloud Manager.
Select ConfigurationData Loss PreventionDetection MethodsData Dictionary.
Locate the data dictionary you want to update and expand the Actions menu to Edit the data dictionary. You can apply filters as needed or search for the data dictionary name.
Edit the General Information as needed.

Enterprise DLP doesn't support editing the data dictionary name.
Update the data dictionary keywords.
You can update the keywords associated with the data dictionary in one of two ways.
- Upload a New List of Keywords
  Drag and drop or click Browse Files to upload a data dictionary with new keywords. The file you upload doesn't have to have the same name as the original one you uploaded.
  Enterprise DLP displays all the changes between the original list of keywords and the new list of keywords.
- Manually Edit the List of Keywords
  1. Click View All to view the full list of keywords included in the data dictionary.
  2. (Optional) Sort the keywords to ensure the keywords you want to edit are included in the data dictionary. You can search for specific keywords or click Sort By to sort the list from A-Z or Z-A.
    However, you must Reset all filters before you can edit the keyword list. Enterprise DLP doesn't support editing the keyword list with a filter applied.
  3. Edit the keyword list. You can add, change, or delete any keyword as needed. Enterprise DLP continues to enforce a 200 word maximum when adding new keywords.
  4. Save the updated list of keywords.
  5. Enterprise DLP displays all the changes between the original list of keywords and the new list of keywords. You can Download the updated list of keywords to store locally.
Update the data dictionary with your changes.

Delete a Data Dictionary

Delete a data dictionary from Enterprise Data Loss Prevention (E-DLP).

Log in to Strata Cloud Manager.
Select ConfigurationData Loss PreventionDetection MethodsData Dictionary.
Locate the data dictionary you want to update and expand the Actions menu to Edit the data dictionary. You can apply filters as needed or search for the data dictionary name.
You are prompted to confirm you want to delete the data dictionary. Click Delete Dictionary to confirm permanently deleting the data dictionary from Enterprise DLP.

You can't delete a data dictionary if it's currently included in a data profile. Enterprise DLP displays the data profiles currently referencing the data dictionary you want to delete.

Select ConfigurationData Loss PreventionData Profiles to update the listed data profiles. Try deleting the data dictionary again after you've removed the data dictionary from the listed data profiles.
Enterprise DLP displays a success message in the upper-right corner when the data dictionary was deleted.