>
    Strata Copilot
    Report a False Positive Detection
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Administration
    4. Monitor Enterprise DLP
    5. Enterprise DLP Incident Management
    6. Report a False Positive Detection
    Download PDF
    Enterprise DLP

    Report a False Positive Detection

    Table of Contents

    Report a False Positive Detection

    Report false positive detections by Enterprise Data Loss Prevention (E-DLP) to Palo Alto Networks to improve Enterprise DLP detection accuracy.
    On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.
    You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Panorama or Strata Cloud Manager)
    • Prisma Access (Managed by Panorama or Strata Cloud Manager)
    • Prisma Browser
    • Enterprise Data Loss Prevention (E-DLP) license
      Review the Supported Platforms for details on the required license for each enforcement point.
    Or any of the following licenses that include the Enterprise DLP license
    • Prisma Access CASB license
    • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
    • Data Security license
    Feature is Limited Availability.
    In some instances, Enterprise Data Loss Prevention (E-DLP) might incorrectly detect and take action on the file or network traffic that it should not have. This is called a false positive detection and they can cause productivity impacts to individual employees and Enterprise DLP administrators alike. Report false positive detections to Palo Alto Networks to improve Enterprise DLP detection accuracy for yourself and other Enterprise DLP users. You report a false positive detection against the DLP incident where the false positive detection occurred.
    The DLP incident must meet the following conditions to report a false positive detection:
    • Traffic matched against a predefined ML-based data pattern
    • The traffic is match is high confidence
    • There is a snippet available of the false positive detection to share with Palo Alto Networks
    For predefined data patterns marked with Augmented with ML, Enterprise DLP uses AI and advanced machine learning (ML) techniques to improve its detection engine when you report a false positive detection. This enables Enterprise DLP to continuously learn from your feedback to reduce false positive detections and increase detection accuracy for yourself and other Enterprise DLP users. For Enterprise DLP to use AI and ML to learn from your false positive detections and improve its detection engine:
    • Files in inspected traffic must be 19 MB and smaller
    • The number of traffic matches per data pattern in the data profile is 100 matches or less
    All selected DLP incident snippets are shared with Palo Alto Networks when you submit a false positive report. The selected snippets are stored and accessible by Palo Alto Networks for up to 90 days to enable Palo Alto Networks to investigate and improve Enterprise DLP detection accuracy.
    Enterprise DLP does not support reporting false positive detections for incidents generated from Email DLP or SaaS Security.
    1. Log in to Strata Cloud Manager.
    2. Reviewed your data patterns, profiles, and Security policy rules to reduce false positive detections.
    3. Select ConfigurationData Loss PreventionDLP Incidents.
    4. In the Incidents, click the File name of the false positive DLP incident you want to report to Palo Alto Networks.
    5. In the Matches within Data Profile window, click Report False Positive.
    6. In the Falsely Detection Information, select one or more data patterns.
      Enterprise DLP displays the list of available data patterns based on the data profile that generated a false positive detection. Enterprise DLP only displays data patterns associated with the data profile.
    7. Select one or more snippets of false positive detections.
      You can select snippets from multiple data patterns associated with the data profile if selected.
    8. (Optional) Add a Comment to provide additional details to Palo Alto Networks.
      This helps Palo Alto Networks understand how to improve the predefined data pattern match criteria or how to train the ML models to improve detection accuracy.
      Click Next.
    9. A notification displays to confirm submission of the false positive report and that the snippet will be shared with Palo Alto Networks for investigative purposes.
      Click Submit to report the false positive detection.

    © 2026 Palo Alto Networks, Inc. All rights reserved.