Create a Data Profile on the DLP App
Create and configure an Enterprise data loss prevention
(DLP) data profile on the DLP app on the hub.
After you create a data pattern on Panorama or the DLP
app on the hub, create a data profile to add multiple data patterns and specify matches
and confidence levels. All predefined and custom data profiles are available across all device
groups. Custom data profiles created in the DLP app that contain no EDM dataset patterns are viewable and can be modified on
Panorama, Prisma Access (Panorama Managed), Cloud Management, and the DLP app on the hub. Viewing a data profile created on the DLP
on Panorama requires Panorama plugin for Enterprise DLP 1.0.4 or later release.
When
you create a data profile using predefined data patterns, be sure
to consider the detection types used
by the predefined data patterns because the detection type determines
how Enterprise data loss prevention (DLP) arrives at a verdict for scanned
files. For example, when you create a data profile that includes
three machine learning (ML)-based data patterns and seven regex-based
data patterns, Enterprise DLP will return verdicts based on the
seven regex-based patterns whenever the scanned file exceeds 1MB.
Updating a data profile to
include an EDM dataset is not supported if the data profile did
not include an EDM dataset when it was initially created.
If
you want to create a data profile that combines a predefined or
custom data pattern and an EDM dataset, see Create a Data Profile with Data Patterns and EDM Datasets on the DLP App.
- Log in to the DLP app on the hub.If you do not already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
- Select .You can also create a new data profile by copying an existing data profile. This allows you to quickly modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.Data profiles created by copying an existing data profile are appended withCopy - <name_of_original_data_profile>. This name can be edited as needed.Adding an EDM dataset to a copied data profile is supported only if the original data profile had an EDM dataset to begin with. Adding an EDM dataset to a data profile that does not already have an EDM dataset is not supported.
- Configure the Primary Rule for the data profile.Data pattern match criteria for traffic that you want to allow must be added to the Primary Rule. Data pattern match criteria for traffic that you want to block can be added to either Primary Rule or Secondary Rule.
- Enter a descriptiveData Profile Name.
- For the Primary Rule,Add RuleandAdd Data Pattern.
- Configure the data pattern conditions as needed.
- Select the operator for data pattern.
- Data Pattern—Select a custom or predefined data pattern.
- Occurrences—Specify the occurrences required to trigger a Security policy rule action.
- Confidence—Specify the confidence level required for a Security policy rule action to be taken (Low,Medium, orHigh)
- (Optional)Add Data Pattern Groupto add additional data pattern conditions usingANDorORoperators to the Primary Rule.Refer to the descriptions above to configure any additional data pattern conditions as needed.
- (Optional) Configure a Secondary Rule.Data pattern match criteria added to the Secondary Rule block all traffic that meet the match criteria for the data patterns by default and cannot be modified. If you want to allow traffic that matches a data pattern match criteria, add it to the Primary Rule.
- Review theData Profile Previewto verify the data profile match criteria.
- Savethe data profile.After you save the data profile, it is viewable on Panorama, Prisma Access (Panorama Managed), and Cloud Management.
- Verify that the data profile you created.
- DLP App on the hub—Log in to the DLP app on the hub as a Superuser and selectData Profilesto view the data profile you created.
- Cloud Management
- Select and search for the data profile you created.
- Panorama and Prisma Access (Panorama Managed)See Update a Data Filtering Profile on Panorama for more information on which data profile settings are editable on Panorama for a data profile created on Prisma Access (Cloud Managed).
- Select and navigate to the data profile you created.
- (Optional) Edit the data profile Action to block traffic.The Action for a data profile created on the Prisma Access (Cloud Managed) is configured toAlertby default.If the data profile has both Primary and Secondary Patterns, changing the data profile Action on Panorama deletes all Secondary Pattern match criteria.
- Select the data profile created on Prisma Access (Cloud Managed).
- Set the data profile Action toBlocktraffic that matches the data profile match criteria.
- Select andCommit.
- ClickOK.
- Select andEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- Pushyour configuration changes to your managed firewalls that are leveraging Enterprise DLP.
- Attach the data profile to a Security policy rule.
- Prisma Access (Cloud Managed)—Modify a DLP Rule for Prisma Access on Cloud Management.
- Panorama and Prisma Access (Panorama Managed)
- Select and specify theDevice Group.
- Select the Security policy rule to which you want to add the data profile.
- SelectActionsand set theProfile TypetoProfiles.
- Select theData Filteringprofile you created.
- ClickOK.
- SelectCommitandCommit and Push.
