Create a Data Filtering Profile on Panorama
Create a data filtering profile for the Enterprise DLP
(data loss prevention) on the Panorama™ management server.
After you create a data pattern on Panorama or Prisma Access (Panorama
Managed), create a data filtering profile to add multiple
data patterns and specify matches and confidence levels. All predefined
and custom data filtering profiles are available across all device
groups.
When you create a data filtering profile using predefined
data patterns, be sure to consider the detection type used
by the predefined data patterns because the detection type determines
how Enterprise data loss prevention (DLP) arrives at a verdict for
scanned files. For example, when you create a data filtering profile
that includes three machine learning (ML)-based data patterns and
seven regex-based data patterns, Enterprise DLP will return verdicts
based on the seven regex-based patterns whenever the scanned file
exceeds 1MB.
- (Optional) Create one or more Enterprise DLP data patterns.
- Select and specify theDevice Group.
- Adda new data filtering profile.
- Configure the primary pattern for the data filtering profile.
- If you selectBasic, configure the following:
- Primary Pattern—Addone or more data patterns to specify as the match criteria.If you specify more than one data pattern, the managed firewall uses a boolean OR match in the match criteria.
- Match—Select whether the pattern you specify should match (include) or not match (exclude) the specified criteria.
- Operator—Select aboolean operator to use with theThresholdparameter. SpecifyAnyto ignore the threshold.
- Threshold—Specify a value to use with theOperatoryou specify.For example, to match a pattern that appears three or more times in a file, selectmore_than_or_equal_toas theOperatorand specify3as theThreshold.
- Confidence—Use this with the proximity keywords you specified in the data pattern you created. Specifying a confidence level ofLowmeans that the managed firewall will not use proximity keywords. Specifying a Confidence level ofHighmeans that the managed firewall looks for the proximity keywords the first 200 characters of the regular expressions in the pattern before it considers the data pattern in a file to be a match.
- If you selectAdvanced, you can create expressions by dragging and dropping data patterns,Confidencelevels,Operators, andOccurrencevalues into the field in the center of the page.Specify the values in the order that they are shown in the following screenshot (data pattern,Confidence, andOperatororOccurrence).
- Select anAction(AlertorBlock) to perform on the file.If the data filtering profile has both Primary and Secondary Patterns, changing the data profile Action on Panorama deletes all Secondary Pattern match criteria.
- Specify aFile Type.Leave the file type asanyto match any of the supported file types.
- Selectuploadas theDirection.Downloads are not supported.
- (Optional) Set theLog Severityrecorded for files that match this rule.The default severity isInformational.
- ClickOKto save your changes.
- Attach the data filtering profile to a Security policy rule.
- Select and specify theDevice Group.
- Select the Security policy rule to which you want to add the data filtering profile.
- SelectActionsand set theProfile TypetoProfiles.
- Select theData Filteringprofile you created previously.
- ClickOKto save your
- Commit and push your configuration changes to your managed firewalls that are leveraging Enterprise DLP.TheCommit and Pushcommand is not recommended for Enterprise DLP configuration changes. Using theCommit and Pushcommand requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
- Select andCommit.
- Select andEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- ClickOK.
- Pushyour configuration changes to your managed firewalls that are leveraging Enterprise DLP.
