Create a Data Filtering Profile on Panorama
Table of Contents
Expand all | Collapse all
-
- Register and Activate Enterprise DLP on Prisma Access (Panorama Managed)
- Edit the Enterprise DLP Snippet Settings on the DLP App
- Enable Role Based Access to Enterprise DLP on Cloud Management
- Enable Optical Character Recognition on Cloud Management
- Enable Optical Character Recognition for Enterprise DLP
-
-
- Create a Data Profile on the DLP App
- Create a Data Profile with EDM Data Sets on the DLP App
- Create a Data Profile with Data Patterns and EDM Data Sets on the DLP App
- Create a Data Profile with Nested Data Profiles on the DLP App
- Create a Data Profile on Cloud Management
- Create a Data Profile with EDM Data Sets on Cloud Management
- Create a Data Profile with Data Patterns and EDM Data Sets on Cloud Management
- Create a Data Profile with Nested Data Profiles on Cloud Management
- Create a Data Filtering Profile on Panorama
- Create a Data Filtering Profile on Panorama for Non-File Detection
- Update a Data Profile on the DLP App
- Update a Data Profile on Cloud Management
- Update a Data Filtering Profile on Panorama
- Enable Existing Data Patterns and Filtering Profiles
-
- How Does Email DLP Work?
- Activate Email DLP
- Add an Enterprise DLP Email Policy
- Review Email DLP Incidents
-
- Monitor DLP Status with the DLP Health and Telemetry App
- View Enterprise DLP Log Details on the DLP App
- Manage Enterprise DLP Incidents on the DLP App
- View Enterprise DLP Audit Logs on the DLP App
- View Enterprise DLP Log Details on Cloud Management
- Manage Enterprise DLP Incidents on Cloud Management
- View Enterprise DLP Audit Logs on Cloud Management
- View Enterprise DLP Log Details on Panorama
Create a Data Filtering Profile on Panorama
Create a data filtering profile for the
Enterprise Data Loss Prevention (E-DLP)
on the Panorama™
management server.After you create a data pattern on Panorama or Prisma Access (Panorama
Managed), create a data filtering profile to add multiple
data patterns and specify matches and confidence levels. All predefined
and custom data filtering profiles are available across all device
groups.
When you create a data filtering profile using predefined data patterns, be sure to consider the
detection type used by the
predefined data patterns because the detection type determines how
Enterprise Data Loss Prevention (E-DLP)
arrives at a verdict for scanned files.- Edit the Enterprise DLP Data Filtering Settings to configure the minimum and maximum data size limits and the actions the firewall takes when uploading files to the DLP cloud service.
- (Optional) Create one or more Enterprise DLP data patterns.
- Selectand specify theObjectsDLPData Filtering ProfilesDevice Group.
- Adda new data filtering profile.
- Define the match criteria.
- If you selectBasic, configure the following:
- Primary Pattern—Addone or more data patterns to specify as the match criteria.If you specify more than one data pattern, the managed firewall uses a boolean OR match in the match criteria.
- Match—Select whether the pattern you specify should match (include) or not match (exclude) the specified criteria.
- Operator—Select a boolean operator to use with theThresholdparameter. SpecifyAnyto ignore the threshold.
- Any—Security policy rule action triggered ifEnterprise DLPdetects at least one instance of matched traffic.
- Less than or equal to—Security policy rule action triggered ifEnterprise DLPdetects instances of matched traffic, with the maximum being the specifiedThreshold.
- More than or equal to—Security policy rule action triggered ifEnterprise DLPdetects instances of matched traffic, with a minimum being the specifiedThreshold.
- Between (inclusive)—Security policy rule action triggered ifEnterprise DLPdetects any number of instances of matched traffic between the specificThresholdrange.
- Threshold—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is1-500.For example, to match a pattern that appears three or more times in a file, selectmore_than_or_equal_toas theOperatorand specify3as theThreshold.
- Confidence—Specify the confidence level required for a Security policy rule action to be taken (HighorLow).
- If you selectAdvanced, you can create expressions by dragging and dropping data patterns,Confidencelevels,Operators, andOccurrencevalues into the field in the center of the page.Specify the values in the order that they’re shown in the following screenshot (data pattern,Confidence, andOperatororOccurrence).
- Select anAction(AlertorBlock) to perform on the file.If the data filtering profile has both Primary and Secondary Patterns, changing the data profile Action on Panorama deletes all Secondary Pattern match criteria.
- Specify the file types the DLP cloud service takes action against.
- DLP plugin 4.0.0 and earlier releases
- DLP plugin 4.0.1 and later releases
- SelectFile Types.
- Select the Scan Type to create a file type include or exclude list.
- Include—DLP cloud service inspects only the file types you add to the File Type Array.
- Exclude—DLP cloud service inspects all supported file types except for those added to the File Type Array.
- ClickModifyto add the file types to the File Type Array and clickOK.
- Selectuploadas theDirection.Downloads aren’t supported.
- (Optional) Set theLog Severityrecorded for files that match this rule.The default severity isInformational.
- ClickOKto save your changes.
- Attach the data filtering profile to a Security policy rule.
- Selectand specify thePoliciesSecurityDevice Group.
- Select the Security policy rule to which you want to add the data filtering profile.
- SelectActionsand set theProfile TypetoProfiles.
- Select theData Filteringprofile you created previously.
- ClickOK.
- Commit and push your configuration changes to your managed firewalls that are usingEnterprise DLP.TheCommit and Pushcommand isn’t recommended forEnterprise DLPconfiguration changes. Using theCommit and Pushcommand requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
- SelectandCommitCommit to PanoramaCommit.
- SelectandCommitPush to DevicesEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- ClickOK.
- Pushyour configuration changes to your managed firewalls that are usingEnterprise DLP.