Enterprise DLP
Report a False Positive Detection
Table of Contents
Report a False Positive Detection
Report false positive detections by Enterprise Data Loss Prevention (E-DLP) to Palo Alto Networks
to improve the DLP cloud service detection accuracy.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
In some instances, Enterprise Data Loss Prevention (E-DLP) may incorrectly detect and take action on
the file or network traffic that it should not have. This is called a
false positive detection and they can cause
productivity impacts to individual employees and Enterprise DLP administrators
alike. False positive detections are commonly caused by traffic match criteria in
predefined regular expression (regex).
Report false positive detections to Palo Alto Networks to improve Enterprise DLP detection accuracy for yourself and other Enterprise DLP users. You report a
false positive detection against the DLP Incident where the false positive
detection occurred.
The DLP Incident must meet the following conditions to report a false positive
detection:
- Traffic matched against a predefined regular expression (regex) data patterns.
- The traffic is match is high confidence.
- There is a snippet available of the false positive detection to share with Palo Alto Networks.
All selected DLP incident snippets are shared with Palo Alto Networks when you
submit a false positive report. The selected snippets are stored and accessible
by Palo Alto Networks for up to 90 days to allow Palo Alto Networks to
investigate and improve Enterprise DLP detection accuracy.
Reporting false positive detections for incidents generated from Email
DLP or SaaS Security are not supported.
- Log in to Strata Cloud Manager.
- Reviewed your data patterns, profiles, and Security policy rules to reduce false positive detections
- Select .
- In the Incidents, click the File name of the false positive DLP incident you want to report to Palo Alto Networks.
- In the Matches within Data Profile window, click Report False Positive.
- In the Falsely Detection Information, select one or more data patterns.The list of available data patterns is based on the data profile that generated a false positive detection. Only data patterns associated with the data profile are displayed.
- Select one or more snippets of false positive detections.You can select snippets from multiple data patterns associated with the data profile if selected.
- (Optional) Add a Comment to provide additional details to Palo Alto Networks.This helps Palo Alto Networks understand how to improve the predefined data pattern match criteria or how to train the ML models to improve detection accuracy.Click Next.
- A notification is displayed to confirm submission of the false positive report and that the snippet will be shared with Palo Alto Networks for investigative purposes.Click Submit to report the false positive detection.
