Create a Data Filtering Profile on Panorama
Create a data filtering profile for the
Enterprise data loss prevention (DLP)on the Panorama™ management server.
After you create a data pattern on Panorama or Prisma Access (Panorama Managed), create a data filtering profile to add multiple data patterns and specify matches and confidence levels. All predefined and custom data filtering profiles are available across all device groups.
When you create a data filtering profile using predefined data patterns, be sure to consider the detection type used by the predefined data patterns because the detection type determines how
Enterprise data loss prevention (DLP)arrives at a verdict for scanned files. For example, when you create a data filtering profile that includes three machine learning (ML)-based data patterns and seven regex-based data patterns,
Enterprise DLPwill return verdicts based on the seven regex-based patterns whenever the scanned file exceeds 1 MB.
- (Optional) Create one or more Enterprise DLP data patterns.
- Selectand specify theObjectsDLPData Filtering ProfilesDevice Group.
- Adda new data filtering profile.
- Define the match criteria.
- If you selectBasic, configure the following:
- Primary Pattern—Addone or more data patterns to specify as the match criteria.If you specify more than one data pattern, the managed firewall uses a boolean OR match in the match criteria.
- Match—Select whether the pattern you specify should match (include) or not match (exclude) the specified criteria.
- Operator—Select a boolean operator to use with theThresholdparameter. SpecifyAnyto ignore the threshold.
- Any—Security policy rule action triggered ifEnterprise DLPdetects at least one instance of matched traffic.
- Less than or equal to—Security policy rule action triggered ifEnterprise DLPdetects instances of matched traffic, with the maximum being the specifiedThreshold.
- More than or equal to—Security policy rule action triggered ifEnterprise DLPdetects instances of matched traffic, with a minimum being the specifiedThreshold.
- Between (inclusive)—Security policy rule action triggered ifEnterprise DLPdetects any number of instances of matched traffic between the specificThresholdrange.
- Threshold—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is1-500.For example, to match a pattern that appears three or more times in a file, selectmore_than_or_equal_toas theOperatorand specify3as theThreshold.
- Confidence—Specify the confidence level required for a Security policy rule action to be taken (HighorLow).
- If you selectAdvanced, you can create expressions by dragging and dropping data patterns,Confidencelevels,Operators, andOccurrencevalues into the field in the center of the page.Specify the values in the order that they’re shown in the following screenshot (data pattern,Confidence, andOperatororOccurrence).
- Select anAction(AlertorBlock) to perform on the file.If the data filtering profile has both Primary and Secondary Patterns, changing the data profile Action on Panorama deletes all Secondary Pattern match criteria.
- Specify aFile Type.
- Selectuploadas theDirection.Downloads aren’t supported.
- (Optional) Set theLog Severityrecorded for files that match this rule.The default severity isInformational.
- ClickOKto save your changes.
- Attach the data filtering profile to a Security policy rule.
- Selectand specify thePoliciesSecurityDevice Group.
- Select the Security policy rule to which you want to add the data filtering profile.
- SelectActionsand set theProfile TypetoProfiles.
- Select theData Filteringprofile you created previously.
- Commit and push your configuration changes to your managed firewalls that are usingEnterprise DLP.TheCommit and Pushcommand isn’t recommended forEnterprise DLPconfiguration changes. Using theCommit and Pushcommand requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
- SelectandCommitCommit to PanoramaCommit.
- SelectandCommitPush to DevicesEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- Pushyour configuration changes to your managed firewalls that are usingEnterprise DLP.
Recommended For You
Recommended videos not found.