Configure Enterprise DLP for Prisma Access (Cloud Managed)
Important: If you’re already using Panorama
to manage Enterprise DLP for next-gen firewalls, your DLP configuration
(data patterns and DLP profiles) in Prisma Access cloud management
is read-only; continue to manage DLP from Panorama.
DLP for Prisma Access (Cloud Managed) includes built-in settings
that you can use to quickly start protecting your most sensitive
Predefined data patterns specify
common types of sensitive information (like credit cards and social
security numbers) that you might want to scan for and protect
If you’re using SaaS Security with Enterprise
DLP, your DLP configuration is shared across SaaS Security
and Prisma Access (Cloud Managed). This means that if there is an
advanced setting or customization option available in SaaS Security,
you can set it up there and leverage it in Prisma Access (Cloud
Here’s an example of DLP profiles that are shared
across SaaS Security and Prisma Access (Cloud Managed).
Go to the Data Loss Prevention
dashboard to get started:
You cannot make changes to the predefined data
patterns or predefined DLP profiles within Prisma Access (Cloud
You also cannot create custom data patterns directly from
Prisma Access (Cloud Managed). Go to SaaS Security to create
a custom data pattern that you can use here.
Create a custom DLP profile.
You can create a custom DLP profile. Add the data patterns
that the profile scans for, and set conditions that would trigger
an action like block or alert.
Certain advanced settings are
available only in the SaaS Security app. If you go to SaaS Security
and configure a DLP profile there, that profile will be visible
to you here and can be used in your Prisma Access (Cloud Managed)
To start scanning traffic based on a DLP profile, attach
the profile to a security rule.