Create a Data Profile on Cloud Management

Launch the Cloud Management Console.
Select
Manage
Configuration
Security Services
Data Loss Prevention
Data Profiles
and
Add Data Profile
With Data Patterns only
.
You can also create a new data profile by copying an existing data profile. This allows you to quickly modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.
Data profiles created by copying an existing data profile are appended with
Copy - <name_of_original_data_profile>
. This name can be edited as needed.
Adding an EDM data set to a copied data profile is supported only if the original data profile had an EDM data set to begin with. Adding an EDM data set to a data profile that doesn’t already have an EDM data set isn’t supported.
Configure the Primary Rule for the data profile.
Data pattern match criteria for traffic that you want to allow must be added to the Primary Rule. Data pattern match criteria for traffic that you want to block can be added to either Primary Rule or Secondary Rule.
Enter a descriptive
Data Profile Name
.
Add Pattern Group
and
Add Data Pattern
.
Configure the match criteria.
Data Pattern
—Select a custom or predefined data pattern.
Occurrence Condition
—Specify the occurrences condition required to trigger a Security policy rule action.
Any
—Security policy rule action triggered if
Enterprise DLP
detects at least one instance of matched traffic.
Less than or equal to
—Security policy rule action triggered if
Enterprise DLP
detects instances of matched traffic, with the maximum being the specified
Count
.
More than or equal to
—Security policy rule action triggered if
Enterprise DLP
detects instances of matched traffic, with a minimum being the specified
Count
.
Between (inclusive)
—Security policy rule action triggered if
Enterprise DLP
detects any number of instances of matched traffic between the specific
Count
range.
Count
—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is
1
-
500
.
For example, to match a pattern that appears three or more times in a file, select
More than or equal to
as the
Occurrence Condition
and specify
3
as the
Threshold
.
Confidence
—Specify the confidence level required for a Security policy rule action to be taken (
High
or
Low
).
(
Optional
)
Add Data Pattern
to add additional data pattern match criteria to the Primary rule.
(
Optional
)
Add Data Pattern Group
to add additional data pattern conditions using
AND
or
OR
operators to the Primary Rule.
Refer to the descriptions above to configure any additional data pattern conditions as needed.
(
Optional
) Configure a Secondary Rule.
Data pattern match criteria added to the Secondary Rule block all traffic that meets the match criteria for the data pattern conditions. If you want to allow traffic that matches a data pattern match criteria, add it to the Primary Rule.
Review the
Data Profile Preview
to verify the data profile match criteria.
Save
the data profile.
After you save the data profile, it’s viewable on Panorama, Prisma Access (Panorama Managed), Cloud Management, and the DLP app.

Verify that the data profile you created.
DLP App on the hub—
Log in to the DLP app on the hub as a Superuser and select
Data Profiles
to view the data profile you created.
Cloud Management
Launch the Cloud Management Console.
Select
Manage
Configuration
Security Services
Data Loss Prevention
and search for the data profile you created.
Modify a DLP Rule for Prisma Access on Cloud Management.