Create an EDM Filtering Profile

Create an Exact Data Matching (EDM) filtering profile in the DLP app on the hub.
Create an Exact Data Matching (EDM) filtering profile in the DLP app on the hub. EDM filtering profiles created in the DLP app are automatically synchronized with your Panorama™ management server so you can leverage the EDM filtering profile in your Security policy rules. In order for the DLP cloud service to render a match verdict using an EDM filtering profile, scanned files containing primary and secondary field values must be within 100 character of each other. Otherwise, the DLP cloud service is unable to render a match verdict.
After you set up the EDM CLI application and configure connectivity to the DLP cloud service, you must upload an encrypted EDM data set to the DLP cloud service using a configuration file or in Interactive mode before you can create an EDM filtering profile.
  1. Log in to the DLP app on the hub.
    If you do not already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
  2. Click
    Detection Methods
    Data Profiles
    and
    Add Data Profile
    .
  3. Create the EDM filtering profile.
    1. Enter a descriptive
      Data Profile Name
      .
    2. Select an
      EDM Dataset
      .
      The list of available data sets are the EDM data sets uploaded using the EDM CLI application.
    3. Specify the
      Occurrences
      required to trigger a Security policy rule action.
      The occurrences value you configure determine how many times values in the Primary Field and Secondary Fields are encountered before triggering an action.
    4. Select the
      Primary Field
      values.
      The list of available values is populated from the selected EDM data set. You must select at least one primary field value.
      You are required to add at least one column where the column values occurs up to 12 times in the selected EDM data set for the
      Primary Field
      . For example, if the EDM data set contains columns for first name, last name, social security number, and credit card number, add social security number and credit card in the primary field.
    5. (
      Optional
      ) Select the
      Secondary Field
      values.
      The list of available fields is populated from the selected EDM data set.
      For the best results for exact data matching, include any columns that could be repeated in the secondary field. For example, if the EDM data set contains columns for first name, last name, social security number, and credit card number, add first name and last name in the secondary field.
    6. Configure the match criteria for a Security policy rule action based on the values in the primary and secondary fields.
      When you select
      Any
      , the maximum
      Count
      setting is one less than the total number of fields included in the
      Primary Field
      or
      Secondary Field
      .
      Configure whether an action if
      Any
      or
      All
      primary fields are matched and if
      Any
      or
      All
      secondary fields are matched.
      For example, you configure an EDM filtering profile to scan for at least 20 occurrences that match for All primary fields and Any secondary fields with a match count of 3. When applied to a Security policy rule, an action is taken when a scanned file contains at least 20 matches to all primary field values and any 3 of the secondary field values.
    7. Save
      the EDM filtering profile.
      Saved profiles are automatically synchronized to your Panorama so you can apply the profile to a Security policy rule.
  4. Add the EDM filtering profile to a Security policy rule.
    1. Select
      Policies
      Security
      and select the
      Device Group
      associated with the managed firewalls leveraging Enterprise DLP.
    2. Click the Security policy rule
      Name
      .
      See Create a Security Policy Rule to create a new Security policy rule.
    3. Select
      Actions
      Profile Type
      Profiles
      and select the
      Data Filtering
      profile.
    4. Click
      OK
      .
    5. Select
      Commit
      and
      Commit and Push
      .

Recommended For You