Create a Data Profile with Data Patterns and EDM Datasets
on Prisma Access (Cloud Managed)
Create and configure an Enterprise data loss prevention
(DLP) data profile containing a predefined or custom data pattern
and an EDM dataset on Prisma Access (Cloud Managed).
Enterprise data loss prevention (DLP) supports
creation of data profiles that contains at least one predefined
or custom Enterprise DLP data pattern and
at least one EDM dataset pattern.
Data profiles with a data pattern and an EDM dataset created on Prisma
Access (Cloud Managed) are viewable on Panorama, Prisma Access (Panorama
Managed), Prisma Access (Cloud
Managed), and the DLP app on the hub. Viewing a data profile
created on Prisma Access (Cloud Managed) on Panorama requires Panorama
plugin for Enterprise DLP 1.0.4 or later release.
When you
create a data profile using predefined data patterns, be sure to
consider the detection types used
by the predefined data patterns because the detection type determines
how Enterprise data loss prevention (DLP) arrives at a verdict for scanned
files. For example, when you create a data profile that includes
three machine learning (ML)-based data patterns and seven regex-based
data patterns, Enterprise DLP will return verdicts based on the
seven regex-based patterns whenever the scanned file exceeds 1MB.
Updating a data profile to include only data
patterns is not supported if the data profile includes at least one data pattern and one EDM
dataset when it was initially created. However, updating a data profile that includes both EDM
datasets and data patterns to only include EDM datasets is supported.
See Create a Data Profile on Prisma Access (Cloud Managed) to create
a data profile containing only predefined or custom data patterns.
See Create a Data Profile with EDM Datasets on Prisma Access (Cloud Managed) to create
a data profile containing only EDM datasets.
- SelectandManageConfigurationSecurity ServicesData Loss PreventionData Profiles.Add Data ProfilesWith EDM or a combination of EDM and Data PatternsYou can also create a new data profile by copying an existing data profile. This allows you to quickly modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.Data profiles created by copying an existing data profile are appended withCopy - <name_of_original_data_profile>. This name can be edited as needed.Adding an EDM dataset to a copied data profile is supported only if the original data profile had an EDM dataset to begin with. Adding an EDM dataset to a data profile that does not already have an EDM dataset is not supported.
- Verify that the data profile you created.
- DLP App on the hub—Log in to the DLP app on the hub as a Superuser and selectData Profilesto view the data profile you created.
- SaaS Security—Review the shared data profiles and data patterns and locate the data profile you created. Add a new asset rule and specify the match criteria using data profile you created.
- Prisma Access (Cloud Managed)
- Selectand search for the data profile you created.ManageConfigurationSecurity ServicesData Loss Prevention
- Configure the Primary Rule for the data profile.Data pattern match criteria for traffic that you want to allow must be added to the Primary Rule. Data pattern match criteria for traffic that you want to block can be added to either Primary Rule or Secondary Rule.
- Enter a descriptiveData Profile Name.
- For the Primary Rule,Add RuleandAdd Data Pattern.
- Configure the data pattern conditions as needed.
- Select the operator for data pattern.
- Data Pattern—Select a custom or predefined data pattern.
- Occurrences—Specify the occurrences required to trigger a Security policy rule action.
- Confidence—Specify the confidence level required for a Security policy rule action to be taken (Low,Medium, orHigh)
- Add EDM Datasetto define the EDM dataset match criteria using anANDorORoperator to the Primary Rule.See Create a Data Profile with EDM Datasets on Prisma Access (Cloud Managed) for more information on configuring EDM dataset match criteria in a data profile.
- Configure the match criteria for a Security policy rule action based on the values in the primary and secondary fields.When you selectAny (OR), the maximumCountsetting is one less than the total number of fields included in thePrimary FieldorSecondary Field.Configure whether an action ifAny (OR)orAll (AND)primary fields are matched and ifAny (OR)orAll (AND)secondary fields are matched.For example, you configure the data profile to scan for at least 20 occurrences that match for All primary fields and Any secondary fields with a match count of 3. When applied to a Security policy rule, an action is taken when a scanned file contains at least 20 matches to all primary field values and any 3 of the secondary field values.
- (Optional)Add Groupto nest additional match criteria for a data pattern or EDM dataset so you can more accurately define your compliance rules.When you clickAdd Group, the new match criteria group is nested under the most recently added data pattern or EDM dataset. You cannot nest a new match criteria group between existing data patterns or EDM datasets. If multiple data patterns or EDM datasets are added, you must remove the data patterns or EDM datasets that follow the data pattern or EDM dataset for which you want to added the nested match criteria. For example, you addedEDM_Dataset1,Data_Pattern2, andEDM_Dataset3to the Primary Rule. If you wanted to added nested match criteria toData_Pattern2, you must first removeEDM_Dataset3from the Primary Rule.You can select the same data pattern or EDM dataset or a different data pattern EDM dataset to more accurately define your compliance rules. Nesting match criteria is supported only when the data profile includes an EDM dataset. Enterprise DLP supports up to 3 level of additional nesting groups for each data pattern or EDM dataset. You can nest additional data patterns or EDM datasets under a data pattern or EDM dataset added to the Primary or Secondary Rule.Nested match criteria support theAND,OR, andNOToperators. Refer to the descriptions above to configure the nested match criteria.
- (Optional) Configure a Secondary Rule.Data pattern match criteria added to the Secondary Rule block all traffic that meet the match criteria for the data pattern conditions. If you want to allow traffic that matches a data pattern match criteria, add it to the Primary Rule.
- Review theData Profile Previewto verify the data profile match criteria.
- Savethe data profile.
Recommended For You
Recommended Videos
Recommended videos not found.