>
    Strata Copilot
    Analyze Discovered Shadow Data
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Administration
    4. Monitor Enterprise DLP
    5. Shadow Data Discovery
    6. Analyze Discovered Shadow Data
    Download PDF
    Enterprise DLP

    Analyze Discovered Shadow Data

    Table of Contents

    Analyze Discovered Shadow Data

    Analyze the shadow data discovery results to learn more about the types of data that exists in your organization.
    Where Can I Use This?What Do I Need?
    Strata Cloud Manager
    • Data Security license
    • Enterprise DLP license
    Or any of the following licenses that include the Enterprise DLP and Data Security licenses
    • Prisma Access CASB license
    • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
    • Data Security license
    After Enterprise Data Loss Prevention (E-DLP) successfully scans your organization's shadow data, your data security administrators can start analyzing the shadow data discovery results to learn more about the AI-generated categories and document clusters to understand what types of data exist in your organization. Enterprise DLP provides review the hierarchical groupings created from your scanned shadow data documents to provide both the high-level categories and their subcategories so your data security administrators have a clear view of how your organization organizes its documents and information. The results help guide your data governance strategy and helps identify previously unknown sensitive documents. This enables your data security administrators to evaluate the effectiveness of your current data protection policy by seeing what types of sensitive documents the Enterprise DLP discovered that your existing data profiles missed.
    Additionally, Enterprise DLP assigns a sensitivity score to each shadow data document to indicate the likelihood that it contains potentially sensitive data based on the content analysis. This score helps you understand which documents might require additional protection even if they weren't flagged by your existing data security measures.
    Enterprise DLP provides recommendations for which predefined data profiles contain sensitive data match criteria that Palo Alto Networks recommends your data security administrators should enable based on the analyzed content in the shadow data documents. These suggestions help you understand what types of standard sensitive data detection rules would be most relevant for your organization's actual data landscape.
    • Top Clusters
      The Top Clusters section shows you the most significant shadow data document categories discovered by Enterprise DLP in your organization's data. Each cluster represents a grouping of similar documents based on their content and context, displayed as visual bubbles where larger sizes indicate categories containing more documents. When you click on a specific shadow data cluster, you can review the Category Details to see additional details about the selected cluster. You can apply additional filtering to show the Top 5 Clusters, Top 10 Clusters, or Top 15 Clusters. You can hover each type of cluster to learn more about the types of documents each cluster contains.
      You can click a specific a cluster to filter the Category Detail and Categories sections to display apps, file types, and specific files associated only with the selected cluster. This interactive capability allows you to transform Enterprise DLP shadow data discoveries into actionable data protection measures that align with your organization's specific needs and risk profile.
    • Overview
      The Overview displays a high-level summary of the shadow data discovery findings across your organization or for a specific shadow data cluster you selected. The overview displays the following information for all clusters:
      • Discovered Files—Number of shadow data documents analyzed by Enterprise DLP.
      • Channels—Number of channels contained shadow data documented analyzed by Enterprise DLP.
      • File Types—Number of unique discovered file types across all shadow data cluster categories.
      • Categories—Number of unique shadow data cluster categories.
      The Overview displays doesn't display any information when you select a specific cluster.
    • Category Detail
      The Category Details section displays comprehensive information about all AI-discovered cluster categories or for a specific cluster category if you have one selected.
      • Applications—All apps and total number of shadow data files they contain analyzed by Enterprise DLP across all discovered shadow data or for a specific cluster.
      • File Types—All unique shadow data file types discovered across all cluster categories or for a specific cluster.
      Example for All Cluster Categories
      Example for A Selected Cluster Category
    • Categories
      The Categories section displays a comprehensive list of all the discovered shadow data categories by default. Alternatively, this section displays category-specific information if you select a specific cluster from the Top Clusters section or from the Categories list. You can sort using any combination of a time (Past Day, Past 7 Days, Past Month, or Past 3 Month), the Applications, File Types, and Sensitivity Score filter.
      Expand the Actions menu and Review Files to remediate discovered shadow data.
      • Category—AI-generated category name for the shadow data cluster.
        Click the category name to view all files associated with the category. From the category file list, you can Review Files to remediate discovered shadow data.
        Enterprise DLP categorizes all discovered shadow data in English, even if the source files are in other languages.
      • Sub Category—AI-generated sub category name to granularly group sets of shadow data within a broader category. Enterprise DLP doesn't always generate a sub category. Hover your mouse over the +<#> to display the full list if there is more than one sub category.
        Enterprise DLP subcategorizes all discovered shadow data in English, even if the source files are in other languages.
        Displays as None if no sub category is generated.
      • Shadow Files—Total number of files associated with the category.
      • Sensitivity Level—AI-generated score to indicate the likelihood of sensitive data being present within the one or more files associated with the category.
        When viewing files within a category, indicates the likelihood of sensitive data being present within a specific file.
        Can display Low, Medium, or High.
      • Channel—Enforcement channel used to scan for shadow data.
      • File Types—All file types associated with the category. However your mouse over the +<#> to display the full list if there is more than one file type.
        When viewing files within a category, displays the file type of the specific file.
      • Applications—All apps associated with the category. Hover your mouse over the +<#> to display the full list if there is more than one app.
        When viewing files within a category, displays the app where Enterprise DLP detected the file.
      • Detected On—Date Enterprise DLP detected and created the shadow data category.
        When viewing files within a category, displays the date Enterprise DLP detected the file.

    © 2026 Palo Alto Networks, Inc. All rights reserved.