Edit the Enterprise DLP Snippet Settings
Focus
Focus
Enterprise DLP

Edit the Enterprise DLP Snippet Settings

Table of Contents

Edit the
Enterprise DLP
Snippet Settings

The
Enterprise Data Loss Prevention (E-DLP)
snippet settings allow you to configure if and how snippets of matched traffic are stored in the DLP cloud service.
Where Can I Use This?
What Do I Need?
  • NGFW (Panorama Managed)
  • Prisma Access (Managed by Strata Cloud Manager)
  • SaaS Security
  • NGFW (Cloud Managed)
  • Enterprise Data Loss Prevention (E-DLP)
    license
  • NGFW (Panorama Managed)
    —Support and
    Panorama
    device management licenses
  • Prisma Access (Managed by Strata Cloud Manager)
    Prisma Access
    license
  • SaaS Security
    SaaS Security
    license
  • NGFW (Cloud Managed)
    —Support and
    AIOps for NGFW Premium
    licenses
Or any of the following licenses that include the
Enterprise DLP
license
  • Prisma Access
    CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X)
    license
  • Data Security
    license
A snippet is evidence or identifiable information associated with a data pattern match. You can configure if and how
Enterprise Data Loss Prevention (E-DLP)
stores and masks snippets of sensitive data that match your data pattern match criteria in an
Enterprise DLP
data profiles in the DLP cloud service. Your snippet setting configuration determines how snippets of matched traffic are displayed when you review your DLP Incidents.

Strata Cloud Manager

Configure the
Enterprise Data Loss Prevention (E-DLP)
snippet settings on
Strata Cloud Manager
to specify if and how snippets are stored.
  1. Log in to
    Strata Cloud Manager
    .
  2. Select
    Manage
    Configuration
    Security Services
    Data Loss Prevention
    Settings
    .
  3. Enable
    Snippets Viewing
    to store the snippets of sensitive data that match your data patterns in the DLP cloud service.
  4. Configure how to
    Snippets Masking
    for storage in the DLP cloud service.
    • Do not mask
      —Matched sensitive data snippet isn’t masked and entirely visible in cleartext.
    • Partial mask
      —Matched sensitive data snippet is partially masked, displaying the last two characters in cleartext.
    • Full mask
      —Matched sensitive data snippet is fully masked.
  5. Push the snippet settings.
    1. Push Config
      and
      Push
      .
    2. Select (enable)
      Remote Networks
      and
      Mobile Users
      .
    3. Push
      .

DLP App

Configure the
Enterprise Data Loss Prevention (E-DLP)
snippet settings on the DLP app on the Hub to specify if and how snippets are stored.
  1. Log in to the DLP app on the hub.
    If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
  2. Select
    Settings
    Sensitive Data
    .
  3. Check (enable)
    Store Snippets of Sensitive Data for Cloud Management or NGFW
    to store the snippets of sensitive data that match your data patterns in the DLP cloud service.
  4. Configure how to
    Mask sensitive fields in snippets for Cloud Management or NGFW
    for storage in the DLP cloud service.
    • no-mask
      —Matched sensitive data snippet isn’t masked and entirely visible when stored in the DLP cloud service.
    • partial-mask
      —Matched sensitive data snippet is partially masked displaying four characters when stored in the DLP cloud service.
    • full-mask
      —Matched sensitive data snippet is fully masked when stored in the DLP cloud service.

Panorama

Configure the
Enterprise Data Loss Prevention (E-DLP)
snippet settings on your
Panorama™ management server
to specify if and how snippets are stored.
  1. Log in to the
    Panorama
    web interface.
  2. Select
    Panorama
    DLP
    Configuration
    and edit the Snippet Settings.
  3. Check (enable)
    Store Snippets of Sensitive Data
    to store the snippets of sensitive data that match your data patterns in the DLP cloud service.
  4. Configure how to
    Mask Sensitive Field
    for storage in the DLP cloud service.
    • no-mask
      —Matched sensitive data snippet isn’t masked and entirely visible when stored in the DLP cloud service.
    • partial-mask
      —Matched sensitive data snippet is partially masked displaying four characters when stored in the DLP cloud service.
    • full-mask
      —Matched sensitive data snippet is fully masked when stored in the DLP cloud service.
  5. Click
    OK
    to save your configuration changes.
  6. Commit and push the new configuration to your managed firewalls to complete the
    Enterprise DLP
    plugin installation.
    This step is required for
    Enterprise DLP
    data filtering profile names to appear in Data Filtering logs.
    The
    Commit and Push
    command isn’t recommended for
    Enterprise DLP
    configuration changes. Using the
    Commit and Push
    command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
    • Full configuration push from Panorama
      1. Select
        Commit
        Commit to
        Panorama
        and
        Commit
        .
      2. Select
        Commit
        Push to Devices
        and
        Edit Selections
        .
      3. Select
        Device Groups
        and
        Include Device and Network Templates
        .
      4. Click
        OK
        .
      5. Push
        your configuration changes to your managed firewalls that are using
        Enterprise DLP
        .
    • Partial configuration push from Panorama
      You must always include the temporary
      __dlp
      administrator when performing a partial configuration push. This is required to keep
      Panorama
      and the DLP cloud service in sync.
      For example, you have an
      admin
      Panorama
      admin user who is allowed to commit and push configuration changes. The
      admin
      user made changes to the
      Enterprise DLP
      configuration and only wants to commit and push these changes to managed firewalls. In this case, the
      admin
      user is required to also select the
      __dlp
      user in the partial commit and push operations.
      1. Select
        Commit
        Commit to
        Panorama
        .
      2. Select
        Commit Changes Made By
        and then click the current Panorama admin user to select additional admins to include in the partial commit.
        In this example, the
        admin
        user is currently logged in and performing the commit operation. The
        admin
        user must click
        admin
        and then select the
        __dlp
        user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
        Click
        OK
        to continue.
      3. Commit
        .
      4. Select
        Commit
        Push to Devices
        .
      5. Select
        Push Changes Made By
        and then click the current Panorama admin user to select additional admins to include in the partial push.
        In this example, the
        admin
        user is currently logged in and performing the push operation. The
        admin
        user must click
        admin
        and then select the
        __dlp
        user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
        Click
        OK
        to continue.
      6. Select
        Device Groups
        and
        Include Device and Network Templates
        .
      7. Click
        OK
        .
      8. Push
        your configuration changes to your managed firewalls that are using
        Enterprise DLP
        .

Recommended For You