data patterns and data filtering profiles are designed to work across all supported
platforms to provide consistent data security across all locations. Review the minimum
versions and licenses required for each.
Enterprise DLP
supports multitenancy on the
Panorama™ management server
with the
following restrictions:
Only a Superuser on
Panorama
can create
Enterprise DLP
patterns and profiles, and can associate profiles to
Security policy rules for tenants.
A Superuser must commit all changes to
Panorama
whenever they make
changes to patterns and profiles.
All tenants share a single copy of pattern and profile configurations; therefore,
any changes done to them are reflected across all tenants.
Since Security policy rules can be different across tenants, each tenant can have
different data profiles associated with Security policy rules.
, you must configure your Security policy
rule and Security Profile Group on
Panorama
and push these
configurations to your managed firewalls.
Enterprise DLP
doesn’t support pushing an
Enterprise DLP
data filtering
profile to your managed firewall and referencing the data filtering profile in a
Security policy rule or Security Profile Group created locally on the
firewall.
Apps & Threats Content Update Version
—Application and Threats content
release version 8334 or a later version.
Upgrade to PAN-OS 10.0.3 and install Application and Threats content release
version 8413 or later version for additional application support.
, you must configure your Security policy
rule and Security Profile Group on
Panorama
and push these
configurations to your managed firewalls.
Enterprise DLP
doesn’t support pushing an
Enterprise DLP
data filtering
profile to your managed firewall and referencing the data filtering profile in a
Security policy rule or Security Profile Group created locally on the
firewall.
Apps & Threats Content Update Version
—Application and Threats content
release version 8334 or a later version.
Install Application and Threats content release version 8413 or later version
for additional application
support.
Licenses
—
Prisma Access
license,
Strata Logging Service
license,
and
Panorama
support license.
NGFW (Managed by Strata Cloud Manager)
NGFW
PAN-OS
Version
—PAN-OS 10.2.3 or a later version.
Apps & Threats Content Update Version
—Application and Threats content
release version 8614 or a later version.
The following table displays the supported web applications and operational
parameters that you can use with
Enterprise Data Loss Prevention (E-DLP)
. See the Supported File Types
for more information on which file types
Enterprise DLP
can inspect and render a
verdict on across all applications. Refer to the Palo
Alto Networks Applipedia for more information on each application App-ID.
Some application support might have a
Minimum Version Requirement
.
The minimum version requirement to support inspection of an application might require a
minimum PAN-OS version or an Apps & Threats content release version installed.
Some
Enterprise DLP
functionality is dependent on a PAN-OS release.
Any application that supports the Non-File Inspection
Inspection
Type
requires PAN-OS 10.2.3 or later PAN-OS release.
Any application that supports a
Max File Size
larger than 20 MB requires
PAN-OS 10.2.4 or later PAN-OS 10.2 release, or PAN-OS 11.0.2 or later release.
Any application that supports the Download
Direction
requires PAN-OS
10.2.4 or later PAN-OS 10.2 release, or PAN-OS 11.0.2 or later release.
Review the Compatibility Matrix for
the minimum plugin versions required for your target upgrade
version.
To use Gmail, you must disable the Quick UDP Internet Connection (QUIC) protocol.
Palo Alto Networks recommends that you disable QUIC in Chrome. To do so, specify
chrome://flags/
in the Chrome
Experimental QUIC
Protocol
, and select
Disabled
.
Application
App-ID
Inspection Type
(File and Non-File)
Direction
Max File Size
Minimum Version Requirement
Amazon Cloud Drive Web
amazon-cloud-drive
File Inspection
Upload
20 MB
None
Amazon S3 REST API
web-browsing
File Inspection
Upload
20 MB
None
Apple iCloud Web
icloud
File Inspection
Upload
20 MB
None
Asana Web
asana
File Inspection
Upload
20 MB
None
Basecamp Web
basecamp
File Inspection
Upload
20 MB
None
Bitrix24 Web
bitrix24
File Inspection
Upload
20 MB
None
Blackboard Web
blackboard
File Inspection
Upload
20 MB
None
Blogs (e.g Wordpress, Medium)
blog-posting
File Inspection
Non-File Inspection
Upload
20 MB
None
Box Desktop
boxnet
File Inspection
Upload
Download
20 MB (upload)
100 MB (download)
Version 8413
Box Web
boxnet
File Inspection
Upload
Download
100 MB
Version 8413
Canvas Web
canvas
File Inspection
Upload
20 MB
None
Confluence Web
confluence-base
web-browsing
Non-File Inspection
Upload
N/A
10.2.3
DocSend Web
docsend
File Inspection
Upload
20 MB
None
Dropbox Web
dropbox
File Inspection
Upload
100 MB
11.1.0
Egnyte Web
egnyte
File Inspection
Upload
20 MB
None
Evernote Web
evernote
Non-File Inspection
Upload
N/A
10.2.3
(
Images only
) Facebook Web
facebook-uploading
File Inspection
Upload
10 MB
10.2.3
Facebook Messenger Web
facebook-chat
File Inspection
Upload
Download
25MB
None
FilesAnywhere Web
filesanywhere
File Inspection
Upload
20 MB
None
Freshdesk Web
freshdesk
File Inspection
Upload
20 MB
None
GitHub Web
github
File Inspection
Upload
20 MB
Version 8413
Gitlab - Web-based File Attachment and Standard Traffic
gitlab
File Inspection
Non-File Inspection
Upload
100 MB
Version 8413
Glassdoor Web
web-browsing
Non-File Inspection
Upload
N/A
10.2.3
Gmail Web - Mail Attachments
gmail
File Inspection
Upload
100 MB
Version 8413
Google Chat Web
google-chat
Non-File Inspection
Upload
N/A
10.2.3
Google Cloud Platform
google-cloud-storage-base
File Inspection
Upload
Download
100 MB
None
Google Drive Web
google-base
google-docs
File Inspection
Upload
100 MB
10.2.4
Google Docs Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
Google Forms Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
Google Meet Web
google-meet
Non-File Inspection
Upload
N/A
10.2.3
Version 8726-8134
Google Photos Web
google-photos
File Inspection
Upload
10 MB
10.2.3
Version 8745-8229
Google Sheets Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
Google Slides Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
GSuite (Export via link)
google-base
File Inspection
Download
25 MB
10.2.4
Version 8684-7912
Hubspot Web
hubspot
File Inspection
Upload
20 MB
None
LinkedIn Web
linkedin
File Inspection
Non-File Inspection
Download
25 MB
(
Non-File
) 10.2.3
(
Download
) 10.2.4
Version 8739-17204
Jira Web
jira
File Inspection
Non-File Inspection
Download
100 MB
(
Download and Large File
) 10.2.4
Mendeley Web
mendeley
File Inspection
Upload
20 MB
None
Microsoft Azure Storage
windows-azure
File Inspection
Download
100 MB
10.2.4 or 11.0.2
Version 8742-8215
Microsoft Excel Desktop
web-browsing
File Inspection
Non-File Inspection
Download
26 MB
10.2.4
Microsoft Excel Web
web-browsing
File Inspection
Non-File Inspection
Download
26 MB
10.2.4
Microsoft OneDrive Web - Business
office365-enterprise-access
sharepoint-online
File Inspection
Upload
100 MB
10.2.4
(
Large file
) 11.1.0
Microsoft OneDrive Desktop - Business
office365-enterprise-access
sharepoint-online
File Inspection
Download
100 MB
10.2.4
Version 8684-7912
Microsoft OneDrive Desktop - Personal
ms-onedrive
File Inspection
Upload
100 MB
10.2.4
Version 8684-7912
Microsoft OneNote Web
ms-onenote
File Inspection
Non-File Inspection
Upload
Download
20 MB
Version 8413
Microsoft Outlook Web - Mail Attachments
ms-office365
File Inspection
Upload
100 MB
Version 8673-7845
(
Large file
) 11.1.0
Microsoft Power BI Web
web-browsing
File Inspection
Upload
20 MB
None
Microsoft PowerPoint Desktop
ms-powerpoint-online
File Inspection
Non-File Inspection
Download
100 MB
10.2.4
Microsoft PowerPoint Web
ms-powerpoint-online
File Inspection
Non-File Inspection
Download
100 MB
10.2.4
Microsoft SharePoint Desktop
office365-enterprise-access
sharepoint-online
File Inspection
Non-File Inspection
Upload
Download
100 MB
None
Microsoft SharePoint Web
office365-enterprise-access
sharepoint-online
File Inspection
Non-File Inspection
Upload
Download
100 MB
None
Microsoft Teams Web - Personal
ms-office365
ms-teams
File Inspection
Non-File Inspection
Upload
Download
100 MB
Version 8742-8215
Large File
—PAN-OS 10.2.4 and later or 11.0.2 or later
Non-File
—PAN-OS 10.2.3 and later or 11.0.0 or later
Microsoft Teams Desktop - Personal
ms-office365
ms-teams
Non-File Inspection
N/A
N/A
10.2.3
Microsoft Teams Web - Business
ms-office365
ms-teams
File Inspection
Non-File Inspection
Upload
Download
10 MB (upload)
100 MB (download)
Version 8742-8215
Large File
—PAN-OS 10.2.4 and later or 11.0.2 or later
Non-File
—PAN-OS 10.2.3 and later or 11.0.0 or later
Microsoft Teams Desktop - Business
ms-office365
ms-teams
File Inspection
Non-File Inspection
Upload
Download
10 MB (upload)
100 MB (download)
10.2.3
Miro Web
realtimeboard
File Inspection
Upload
30 MB
10.2.3
Version 8756-8298
Monday.com Web
monday
File Inspection
Upload
20 MB
None
Naver Mail Web
naver-mail
File Inspection
Upload
Download
100 MB
None
Naverworks
web-browsing
File Inspection
Upload
20 MB
Version 8711-8058
Prezi Web
prezi
File Inspection
Upload
20 MB
None
Pastebin Web
pastebin
Non-File Inspection
Upload
20 MB
10.2.3
Pinterest
pinterest
Non-File Inspection
Upload
Download
N/A
N/A
Quip
quip
File Inspection
Upload
Download
100 MB
Version 8735-8187
Quora
quora
Non-File Inspection
N/A
N/A
None
Reddit
reddit
Non-File Inspection
N/A
N/A
None
Salesforce Web
salesforce
File Inspection
Upload
Download
100 MB
Version 8413
ServiceNow Web
service-now
File Inspection
Non-File Inspection
Upload
Download
100 MB
Version 8413
Slack Web
slack
File Inspection
Non-File Inspection
Upload
20 MB
None
Smartsheet Web
smartsheet-web
Non-File Inspection
Upload
N/A
10.2.3 or 11.0.0
Splunk Web
web-browsing
splunk
File Inspection
Upload
20 MB
None
Syncplicity Web
syncplicity
File Inspection
Upload
20 MB
None
Trello Web
trello
File Inspection
Upload
20 MB
None
Twitter Web
twitter
File Inspection
Non-File Inspection
Upload
20 MB
None
Udemy Web
udemy-base
udemy-business
Non-File Inspection
Upload
N/A
10.2.3 or 11.0.0
Web Browsing
web-browsing
File Inspection
Upload
100 MB
None
Webex Desktop
webex
Non-File Inspection
Upload
N/A
Version 8735-8187
Workday Web
workday
File Inspection
Upload
Download
30 MB
Version 8702-8012
Workplace by Facebook Web App
workplace
File Inspection
Upload
20 MB
None
Yahoo Web App Mail Attachments
yahoo-mail-uploading
File Inspection
Non-File Inspection
Upload
25 MB
Version 8413
Yammer Web
yammer
File Inspection
Upload
20 MB
None
Zendesk Web
zendesk
File Inspection
Non-File Inspection
Upload
Download
50 MB
10.2.3 or 11.0.0
(
Upload
) 10.2.5
Version 8757-8277
GenAI Applications
Generative artificial intelligence (GenAI) Applications supported by
Enterprise Data Loss Prevention (E-DLP)
.
The following table displays the supported AI web applications and
operational parameters that you can use with
All GenAI app support require PAN-OS 10.2.3 or later release.
All GenAI apps support only non-file inspection unless otherwise specified.
Application
App-ID
Content Version
ACE
Notes
Adobe Express
adobe-express
8872-8848
—
—
Adobe Firefly
adobe-firefly
8872-8848
—
—
Beautiful.ai
beautiful
8872-8848
—
—
Bito AI
bito
8872-8848
—
—
Chatbot
chatbot
8872-8848
—
—
Claude AI (Anthropic)
claude
8872-8848
—
—
Clockwise
clockwise
8872-8848
—
—
Codium AI
codium-ai
8872-8848
—
—
Cohere Coral Chat
cohere.ai
8852
—
—
Copy AI
web-browsing
8872-8848
—
—
DeepL
deepl
8732
—
—
ElevenLabs
elevenlabs
8872-8848
—
—
Fireflies
fireflies.ai
—
√
—
Google Gemini (formerly Bard)
google-gemini
8872-8848
—
—
Hubspot AI
hubspot-ai
8852
—
—
Humanloop
humanloop
8872-8848
—
—
Hugging Face API
huggingface
8852
—
—
Hypotenuse AI
hypotenuse-ai
8872-8848
—
—
Krisp.ai
krisp
—
√
—
MeetGreek
meetgreek
—
√
—
Microsoft Azure OpenAI Studio
azure-openai-studio
8756
—
—
Murf
murf
8872-8848
—
When rendering a new model in your Murf.ai project, must not select
the
Don't Split
option. This is option is not
supported and prevents
Enterprise DLP
from inspecting traffic
to Murf.ai.
Notion
notion
8529
—
—
OpenAI ChatGPT
openai-chatgpt
8872-8848
—
—
poe
poe
—
√
—
Reclaim.AI
reclaim.ai
—
√
—
Replicate
replicate
8872-8848
—
—
Runway
runway-app
8872-8848
—
—
Sana AI (Knowledge Management)
sanalabs
—
√
—
Sapling
sapling.ai
8872-8848
—
—
Sembly AI
sembly
8872-8848
—
—
SourceGraph Cody
sourcegraph-cody
8872-8848
—
Only Cody web chat is supported
ThoughtSpot
thoughtspot
—
√
—
Voiceflow
voiceflow
8872-8848
—
—
Writesonic
writesonic
8872-8848
—
—
File Types
File types supported by
Enterprise Data Loss Prevention (E-DLP)
.
Enterprise Data Loss Prevention (E-DLP)
supports the following file operations, upload parameters, file
types, and actions.
File operations
—You can upload files using HTTP and HTTPS (no FTP or SMTP)
using:
(
DLP 3.0.1 and earlier releases
) HTTP/1.1
Some applications, such as SharePoint and OneDrive, use HTTP/2 by
default. To use HTTP/2 files with HTTP/1.1, you need to create a
decryption profile and a Security policy rule to strip out the
application-layer protocol negotiation (ALPN) extension in headers.
See Enable Enterprise DLP for more information.
(
DLP 3.0.2 and later releases
) HTTP/1.1 and HTTP/2
Data flow
—File uploads and downloads are supported. Review the supported applications to
learn the data flow direction supported for each application.
Enterprise DLP
doesn’t support maintaining a session connection to
continue inspection if a file download is paused. The DLP cloud service
inspection is terminated for the file if the download operation is
paused.
Concurrent file uploads
—25 concurrent file uploads are supported.
File size
—The maximum supported file size is dependent on the application.
Review the supported applications for
more information.
File types
—
Enterprise DLP
supports inspection of the following file
types.
Microsoft Office (.doc, .docx, .ppt, .pptx, .xls, .xlsx)
supports inspection of the
following source code file types.
Cfamily—C, C++, C+, C#, Objective
C
Go
HTML
java
javascript
JSON
perl
powershell
python
r
ruby
vbs
verilog
vhd1
x86_assembly
ZIP Files
—
Enterprise DLP
supports inspection of ZIP and 7Z (7-ZIP
file archiver) files containing the supported file types listed above.
Enterprise DLP
supports multilevel compressed files.
Prisma Access
,
NGFW (Managed by Panorama)
, and
NGFW (Managed by Strata Cloud Manager)
—Up to four levels of file
compression is supported. The total file size for all uncompressed
files may not exceed the maximum supported file size for each
application.
Data Security
—No maximum number of file compression
levels. The total file size for all uncompressed files may not
exceed the maximum supported file size for each application.
Response
—Block and Alert actions are supported for HTTP and HTTPS files.
However, the Block page doesn’t display the name of the file that the managed
firewall blocked.
Encoding Schemas
Encoding schemas supported by
Enterprise Data Loss Prevention (E-DLP)
.
Enterprise DLP
supports the following encoding schemas for supported file types.
Detection of encoding schemas for any DLP service relies on heuristically guessing
the character encoding of a series of bytes that represent text. As a result,
encoding schema detection is recognized as being inherently unreliable. This means
that
Enterprise DLP
may not be able to always detect encoded files. Palo Alto
Networks is continuously working on and improving
Enterprise DLP
's ability to
detect encoded file types to prevent exfiltration of sensitive data.
Base64
Big5
EUC-JP
EUC-KR
GB18030
IBM855
ISO-2022-CN
UISO-2022-JP
ISO-2022-KR
ISO-8599-1
ISO-8599-2
ISO-8599-3
ISO-8599-4
ISO-8599-5
ISO-8599-6
ISO-8599-7
ISO-8599-8
ISO-8599-9
ISO-8599-11
ISO-8599-12
ISO-8599-13
ISO-8599-15
KOI8-R
Shift_JIS
UTF-8
UTF-16BE
UTF-16LE
windows-1251
windows-1252
windows-1253
windows-1255
Detection Methods
Supported
Enterprise Data Loss Prevention (E-DLP)
detection methods to detect sensitive
data.
Review the list of
Enterprise Data Loss Prevention (E-DLP)
detection methods. Detection methods are
traffic match criteria techniques used by
Enterprise DLP
to inspect for and prevent
exfilitration of sensitive data. Detection methods can be added alongside any
combination of predefined, custom regex, or file property data patterns in an advanced data profile.
Upload custom documents containing intellectual property for which
you want to prevent exfiltration. Custom document types function as
traffic match criteria in advanced data profiles.
Data dictionaries are a collection of one or more keywords or phrases that you
want to detect and prevent exfilitration. A data dictionary is added
as a match criteria alongside the other supported match criteria in
advanced and nested data profiles to
increase the
Upload data sets to detect sensitive and personally identifiable
information (PII) in structured data sources. EDM data sets function
as traffic match criteria in advanced data profiles.
Custom data profile that can include all functionality of classic data patterns, and advanced detection methods such as
Exact Data Matching (EDM) or custom document types.
Provides quantifiable metrics to measure the overall data risk for your
organization and gives administrators the ability to analyze and take preventative
action to strengthen your data risk security posture using the Data Risk
Dashboard.
Connect an AWS storage bucket, Azure storage bucket, or SFTP server to
Enterprise DLP
to automatically store files scanned by the DLP cloud service that
match your data profiles. After a file is successfully stored, you can download the
file for further investigation.
Custom data profile that contains multiple nested data profiles that allows you to
consolidate the match criteria to prevent exfiltration of sensitive data to a single
data profile that can be used in a single Security policy rule.
data profiles to inspect non-file based traffic to
prevent exfiltration of sensitive data through collaboration applications, web forms,
Cloud applications, and social media.
can inspect and block an outbound email if sensitive
data is written in double byte plaintext characters directly in the email subject or
body. However
Enterprise DLP
can't inspect and block an outbound email if sensitive
data is written in double byte plaintext characters in a document meant to be detected
with a custom document type.
Non-File Based Traffic
Enterprise Data Loss Prevention (E-DLP)
supports inspection of non-file based traffic.
Enterprise Data Loss Prevention (E-DLP)
supports inspection of non-file based traffic for sensitive
data. A data filtering profile configured for non-file based traffic detection allows
you to configure URL and application exclusion lists to exclude specific URL and
application traffic from
Enterprise DLP
inspection.
On the
Panorama™ management server
, each data profile you create can be
configured to inspect for either file based traffic or for non-file based traffic, or
for both. On