Modify a DLP Rule for Prisma Access on Cloud Management

Modify an Enterprise data loss prevention (DLP) rule to enforce data security standards for Prisma Access on Cloud Management
A DLP rule, otherwise referred to as a data filtering profile, is an existing data profile for which you have specified the file type, action, and log severity. Data filtering profiles are automatically created when you create a new data profile. To create an entirely new data filtering profile, you must create a new data profile, which automatically creates the new data filtering profile.
Modify an Enterprise data loss prevention (DLP) data filtering profile on Prisma Access on Cloud Management to enforce your organization’s data security standards and prevent exfiltration of sensitive information. After you configure the data filtering profile, you must create a Profile Group containing the data filtering profile and attach it to a Security Policy so Prisma Access can enforce your data security standards.
  1. Select Manage > Configuration > Security Services > Data Loss Prevention > DLP Rules and in the Actions column, Edit the DLP rule.
    The DLP rule has the same name as the data profile from which it was automatically created.
  2. (Optional) Enter a Description for the DLP rule.
  3. Modify the DLP rule Match Criteria.
    Modifying the DLP rule automatically created for the data profile is not required.
    Skip to the next step if you only want to apply the DLP rule to a Security Policy using the default values.
    The default DLP rule Direction is Upload. Downloads are not supported. This field cannot be edited.
    1. Specify the type of traffic the DLP rule applies to.
      You can enable either or both match criteria traffic types for a DLP rule.
      • File Based Match Criteria: DLP rule match criteria is applied to file-based traffic.
      • Non-File Based Match Criteria: DLP rule match criteria is applied to non-file formats that leverage collaboration and cloud applications, web forms, and social media.
    2. Specify a File Type.
      The default file type is Any and matches any of the supported file types. Otherwise, you can Select one or more file types to filter.
    3. Specify the File Direction.
      The default file direction is Both and allows inspection of uploads and downloads for supported applications.
    4. Select an Action (Alert and Block, Alert or Block) to perform on the file.
      The Action is set to Alert and Block by default if the data profile has both Primary and Secondary Patterns. Changing the data filtering profile Action is not supported if both Primary and Secondary patterns are defined.
    5. (Optional) Set the Log Severity recorded for files that match this rule.
      The default severity is Low.
    6. Save the data filtering profile.
  4. Create a Shared Profile Group for the Enterprise DLP data filtering profile.
    1. Select Manage > Configuration > Profile Groups and Add Profile Group.
    2. Enter a descriptive Name for the Profile Group.
    3. For the Data Loss Prevention Profile, select the Enterprise DLP data profile.
    4. Add any additional profiles as needed.
    5. Save the profile group.
  5. Create a Security Policy and attach the Profile Group.
    1. Select Manage > Configuration > Security Policy and Add Rule.
      You can also update an existing Security Policy to attach a Profile Group for Enterprise DLP filtering.
    2. Configure the Security Policy as needed.
    3. Navigate to the Action and Advanced Inspection section, and select the Profile Group you created in the previous step.
    4. Save the Security Policy.
  6. Push your data filtering profile.
    1. Push Config and Push.
    2. Select (enable) Remote Networks and Mobile Users.
    3. Push.
