Data Profiles

Table of Contents

Data Profiles

Create and configure an Enterprise Data Loss Prevention (E-DLP) profile.

On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.

You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.

Where Can I Use This?	What Do I Need?
NGFW (Managed by Panorama or Strata Cloud Manager) Prisma Access (Managed by Panorama or Strata Cloud Manager) Prisma Browser	Enterprise Data Loss Prevention (E-DLP) license Review the Supported Platforms for details on the required license for each enforcement point. Or any of the following licenses that include the Enterprise DLP license Prisma Access CASB license Next-Generation CASB for Prisma Access and NGFW (CASB-X) license Data Security license

Where Can I Use This?

What Do I Need?

NGFW (Managed by Panorama or Strata Cloud Manager)
Prisma Access (Managed by Panorama or Strata Cloud Manager)
Prisma Browser

Enterprise Data Loss Prevention (E-DLP) license
Review the Supported Platforms for details on the required license for each enforcement point.

Or any of the following licenses that include the Enterprise DLP license

Prisma Access CASB license
Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
Data Security license

To get started, you’ll first create a data pattern that specifies the information types and fields that you want the firewall to filter. Then, you attach that pattern to a data filtering profile, which specifies how you want to enforce the content that the firewall filters. Add the data filtering profile to a Security policy rule to start filtering traffic matching the rule.

Enterprise Data Loss Prevention (E-DLP) profiles specify how you want to enforce the sensitive content that you’re filtering. Predefined data profiles have data patterns that include industry-standard data identifiers, keywords, and built-in logic in the form of machine learning, regular expressions, and checksums for legal and financial data patterns.

Enterprise DLP profiles are active only when they’re attached to a Security policy rule; they scan traffic that matches the rule. If a user uploads a file that matches a data pattern, an alert is triggered or the file is blocked (depending on the action you define in the DLP profile).

You can't delete data profiles after creation. See the Supported Data Profile Actions for more information on the data profile actions Enterprise DLP supports.

Data Profile Type	Description
Predefined Data Profiles	Enterprise DLP includes many predefined data profiles that you can immediately use to detect sensitive data.
Create a Data Profile	A data profile that can use any predefined data pattern, regular expression (regex) data patterns and custom file property data patterns, and advanced detection methods. You can configure a data profile for Local Detection if you have an Prisma Browser license. A data profile configured for Local Detection means that inspection of sensitive data against the traffic match criteria occurs locally on Prisma Browser rather than being sent to the Enterprise DLP cloud detection engine. If you have an active Prisma Browser but no active Enterprise DLP license, you can only create a data profile for Local Detection only.
Create a Nested Data Profile	A nested data profile contains multiple data profiles and enables your data security administrator to consolidate the match criteria to prevent exfiltration of sensitive data to a single data profile that you can associate with a single Security policy rule. For a nested data profile, the DLP rule settings apply to all data profiles added to the nested data profile. You can configure a data profile for Local Detection if you have an Prisma Browser license. A data profile configured for Local Detection means that inspection of sensitive data against the traffic match criteria occurs locally on Prisma Browser rather than being sent to the Enterprise DLP cloud detection engine. If you have an active Prisma Browser but no active Enterprise DLP license, you can only create a data profile for Local Detection only.
Create a Granular Data Profile	A granular data profile contains multiple data profiles and enhance your detection capabilities by enabling your data security administrators to apply differentiated inline content inspection requirements and response actions within the same Security policy rule. For a granular data profile, your data security administrator configures the DLP rule settings for each data profile added to the granular data profile. You can configure a data profile for Local Detection if you have an Prisma Browser license. A data profile configured for Local Detection means that inspection of sensitive data against the traffic match criteria occurs locally on Prisma Browser rather than being sent to the Enterprise DLP cloud detection engine. If you have an active Prisma Browser but no active Enterprise DLP license, you can only create a data profile for Local Detection only.
Update a Data Profile	Update your data profiles to modify the match criteria and settings.
Test a Data Profile	Test the efficacy of your data profiles on Strata Cloud Manager before pushing them to your enforcement points.
Resolve Data Profile Synchronization Conflicts	Resolve data profile synchronization conflicts between Strata Cloud Manager and Panorama that can lead configurations commit failures or for data filtering profiles to be silently overwritten, which can cause security disruptions and protection gaps.

Data Dictionaries

Create a Data Profile

Enterprise DLP Docs

Data Profiles

Enterprise DLP Docs

Data Profiles

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner