Enterprise DLP
Remediate Discovered Shadow Data
Take remediation action for shadow data discovered by Enterprise Data Loss Prevention (E-DLP).
| Where Can I Use This? | What Do I Need? |
|---|---|
| Strata Cloud Manager | Or any of the following licenses that include the Enterprise DLP and Data Security licenses |
Enterprise Data Loss Prevention (E-DLP) takes action on discovered shadow data by creating a new custom document type from the discovered files. Enterprise DLP uses this custom document type, created from the Shadow Data Discovery category and sub category, to take action on shadow data detected on all subsequent scans. This inspection isn't retroactive: it applies only to new scans that run after you create the new custom document type and add it to your data asset policy.
- Log in to Strata Cloud Manager.
- Start a Shadow Data Discovery Scan.
- Analyze Discovered Shadow Data.
- In the Categories, expand the Actions menu and Review Files for the shadow data category you want to remediate.
  If you selected a category from the Top Clusters, the Categories lists all the shadow data discovered by Enterprise DLP. Click Review Files at the top of the Categories list.
- Review the discovered files.
  - Apply filters to narrow down and understand the types of shadow data discovered by Enterprise DLP in the specific category.
    Applying filters does not narrow down the shadow data Enterprise DLP takes action on in the next step. Enterprise DLP takes the action you configure in the next step for all shadow data in the selected category, regardless of the filters applied.
  - Click Next: Actions to configure the actions Enterprise DLP takes to secure this sensitive data from exfiltration.
- Configure the actions Enterprise DLP takes on discovered shadow data.
  Enterprise DLP creates an Indexed Document Matching (IDM) custom document type to prevent exfiltration of sensitive data that matches the selected Category and, if selected, the Sub Category.
  In this example, the selected Category is Cybersecurity and Privacy Requests and the Sub Category is Credit Report Disputes and Inaccuracies. In this case, Enterprise DLP takes action on any shadow data that matches both these categories when you add the custom document type to a data asset policy rule.
  - Enter a Name for the new custom document type.
  - (Optional) Enter a Description.
  - The Category field displays the shadow data category you want to take remediation action for. You can't edit this field.
  - (Optional) Select a Sub Category. You can only select one sub category.
  - Click Next: Summary.
- Review the summary of the new custom document types and Finish.
- Create a data profile and add the custom document type you created.
- Enable the data profile for use in Data Security.
  - Select Configuration > SaaS Security > Settings > Data Profiles and select the data profile you created.
  - Select Action > Enable and Confirm you want to enable the data profile.
- Select Data Security > Policies and add a data asset policy.
  - When configuring the Match Criteria for the data asset policy, select Basic > Data Profile and Add Data Profile to add the data profile you enabled in the previous step.
  - Add any additional data profiles as needed. Palo Alto Networks recommends using the OR operator to ensure that Enterprise DLP can detect any combination of sensitive data that matches the different data profiles you add.
  - Click Next to define the Rule Actions and to Submit the new data asset policy.