Create a Data Profile with Data Patterns and EDM Data Sets on Cloud Management
Create and configure an
Enterprise data loss prevention (DLP)
data profile containing a predefined or
custom data pattern and an EDM data set on Cloud Management
.Enterprise data loss prevention (DLP)
supports creation of data profiles that contains at least one predefined
or custom Enterprise DLP
data pattern and at least one
EDM dataset pattern. Data
profiles with a data pattern and an EDM data set created on Cloud Management
are
viewable on Panorama, Prisma Access (Panorama Managed),
Cloud Management, and the DLP app on the hub.
Viewing a data profile created on Cloud Management
on Panorama requires Panorama
plugin for Enterprise DLP
1.0.4 or later release.When you create a data profile using predefined data patterns, be sure to consider the detection types used by the
predefined data patterns because the detection type determines how
Enterprise DLP
arrives at a verdict for scanned files. For example, when you create a data
profile that includes three machine learning (ML)-based data patterns and seven
regex-based data patterns, Enterprise DLP
will return verdicts based on the
seven regex-based patterns whenever the scanned file exceeds 1 MB.Updating a data profile to include only data patterns
isn’t supported if the data profile includes at least one data pattern and one
EDM data set when it was initially created. However, updating a data profile
that includes both EDM data sets and data patterns to only include EDM data sets
is supported.
See Create a Data Profile on Cloud Management to create a data profile containing only predefined or
custom data patterns. See Create a Data Profile with EDM Data Sets on Cloud Management to create a data profile
containing only EDM data sets.
- Select and .You can also create a new data profile by copying an existing data profile. This allows you to quickly modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.Data profiles created by copying an existing data profile are appended withCopy - <name_of_original_data_profile>. This name can be edited as needed.Adding an EDM data set to a copied data profile is supported only if the original data profile had an EDM data set to begin with. Adding an EDM data set to a data profile that doesn’t already have an EDM data set isn’t supported.
- Configure the Primary Rule for the data profile.Data pattern match criteria for traffic that you want to allow must be added to the Primary Rule. Data pattern match criteria for traffic that you want to block can be added to either Primary Rule or Secondary Rule.
- Enter a descriptiveData Profile Name.
- Select the data pattern operator (ANDorOR).
- Add Data Pattern.
- Define the data pattern match criteria.
- Data Pattern—Select a custom or predefined data pattern.
- Occurrence Condition—Specify the occurrences condition required to trigger a Security policy rule action.
- Any—Security policy rule action triggered ifEnterprise DLPdetects at least one instance of matched traffic.
- Less than or equal to—Security policy rule action triggered ifEnterprise DLPdetects instances of matched traffic, with the maximum being the specifiedCount.
- More than or equal to—Security policy rule action triggered ifEnterprise DLPdetects instances of matched traffic, with a minimum being the specifiedCount.
- Between (inclusive)—Security policy rule action triggered ifEnterprise DLPdetects any number of instances of matched traffic between the specificCountrange.
- Count—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is1-500.For example, to match a pattern that appears three or more times in a file, selectMore than or equal toas theOccurrence Conditionand specify3as theThreshold.
- Confidence—Specify the confidence level required for a Security policy rule action to be taken (HighorLow).
- Add EDM Datasetand define the match criteria.See Create a Data Profile with EDM Data Sets on Cloud Management for more information on configuring EDM data set match criteria in a data profile.
- EDM Dataset—Select an EDM data set uploaded to the DLP cloud service.
- Occurrence Condition—Specify the occurrences condition required to trigger a Security policy rule action.
- Any—Security policy rule action triggered if Enterprise DLP detects at least one instance of matched traffic.
- Less than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with the maximum being the specifiedCount.
- More than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with a minimum being the specifiedCount.
- Between (inclusive)—Security policy rule action triggered if Enterprise DLP detects any number of instances of matched traffic between the specificCountrange.
- Count—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is1-500.
- Configure the EDM data setPrimary Fieldsvalues.
- Configure whether a Security policy rule action is taken ifAny (OR)orAll (AND)primary fields are matched and ifAny (OR)orAll (AND)secondary fields are matched.
- (Any(OR) only) Enter theCountto specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is1-500.When you selectAny (OR), the maximumCountsetting is one less than the total number of fields included in thePrimary FieldorSecondary Field.
- The list of available values is populated from the selected EDM data set. You must select at least one primary field value.Select thePrimary Fieldsvalues.You’re required to add at least one column where the column values occurs up to 12 times in the selected EDM data set for thePrimary Field. For example, if the EDM data set contains columns for first name, last name, social security number, and credit card number, add social security number and credit card in the primary field.
- (Optional)Add Groupto nest additional match criteria for a data pattern or EDM data set so you can more accurately define your compliance rules.When you clickAdd Group, the new match criteria group is nested under the most recently added data pattern or EDM data set. You can’t nest a new match criteria group between existing data patterns or EDM data sets. If multiple data patterns or EDM data sets are added, you must remove the data patterns or EDM data sets that follow the data pattern or EDM data set for which you want to add the nested match criteria. For example, you addedEDM_Dataset1,Data_Pattern2, andEDM_Dataset3to the Primary Rule. If you wanted to added nested match criteria toData_Pattern2, you must first removeEDM_Dataset3from the Primary Rule.You can select the same data pattern or EDM data set or a different data pattern EDM data set to more accurately define your compliance rules. Nesting match criteria is supported only when the data profile includes an EDM data set.Enterprise DLPsupports up to three level of additional nesting groups for each data pattern or EDM data set. You can nest additional data patterns or EDM data sets under a data pattern or EDM data set added to the Primary or Secondary Rule.Nested match criteria support theAND,OR, andNOToperators. Refer to the descriptions above to configure the nested match criteria.
- (Optional) Configure a Secondary Rule.Data pattern match criteria added to the Secondary Rule block all traffic that meets the match criteria for the data pattern conditions. If you want to allow traffic that matches a data pattern match criteria, add it to the Primary Rule.
- Review theData Profile Previewto verify the data profile match criteria.
- Savethe data profile.
