: Create a Data Profile with EDM Data Sets on Cloud Management
Focus
Focus

Create a Data Profile with EDM Data Sets on Cloud Management

Table of Contents

Create a Data Profile with EDM Data Sets on Cloud Management

Create an
Enterprise Data Loss Prevention (E-DLP)
data profile using Exact Data Matching (EDM) data sets on
Prisma Access (Cloud Management)
.
Create a data profile with Exact Data Matching (EDM) data sets on
Cloud Management
. Data profiles with EDM data sets created on
Cloud Management
are automatically synchronized with your Panorama™ management server so you can use the data profile in your Security policy rules. In order for the DLP cloud service to render a match verdict using on the data profile, scanned files containing primary and secondary field values must be within 100 character of each other. Otherwise, the DLP cloud service is unable to render a match verdict. Data profiles with EDM data sets created on
Cloud Management
are viewable on Panorama, Prisma Access (Panorama Managed), Cloud Management, and the DLP app on the hub. Viewing a data profile created on
Cloud Management
on Panorama requires Panorama plugin for
Enterprise DLP
1.0.4 or later release.
After you set up the EDM CLI application and configure connectivity to the DLP cloud service, you must upload an encrypted EDM data set to the DLP cloud service using a configuration file or in Interactive mode before you can create a data profile with EDM data sets.
Updating a data profile to include only data patterns isn’t supported if the data profile includes at least one EDM data set when it was initially created. However, update a data profile that includes only EDM data sets to include data patterns is supported.
See Create a Data Profile on Cloud Management to create a data profile containing only predefined or custom data patterns.
  1. Select
    Manage
    Configuration
    Security Services
    Data Loss Prevention
    Data Profiles
    and
    Add Data Profile
    Advanced Data Profile
    .
    You can also create a new data profile by copying an existing data profile. This allows you to modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.
    Data profiles created by copying an existing data profile are appended with
    Copy - <name_of_original_data_profile>
    . This name can be edited as needed.
    Adding an EDM data set to a copied data profile is supported only if the original data profile had an EDM data set to begin with. Adding an EDM data set to a data profile that doesn’t already have an EDM data set isn’t supported.
  2. Create the Primary Rule for the data profile.
    1. Enter a descriptive
      Data Profile Name
      .
    2. Select the match criteria operator (
      AND
      or
      OR
      ).
    3. EDM Dataset
      .
    4. Define the match criteria.
      • EDM Dataset
        —Select an EDM data set uploaded to the DLP cloud service.
      • Occurrence Condition
        —Specify the occurrences condition required to trigger a Security policy rule action.
        • Any
          —Security policy rule action triggered if
          Enterprise DLP
          detects at least one instance of matched traffic.
        • Less than or equal to
          —Security policy rule action triggered if
          Enterprise DLP
          detects instances of matched traffic, with the maximum being the specified
          Count
          .
        • More than or equal to
          —Security policy rule action triggered if
          Enterprise DLP
          detects instances of matched traffic, with a minimum being the specified
          Count
          .
        • Between (inclusive)
          —Security policy rule action triggered if
          Enterprise DLP
          detects any number of instances of matched traffic between the specific
          Count
          range.
      • Count
        —Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is
        1
        -
        500
        .
        For example, to match a pattern that appears three or more times in a file, select
        More than or equal to
        as the
        Occurrence Condition
        and specify
        3
        as the
        Threshold
        .
      • Unique Occurrences
        —Check (enable) to detect only unique instances of traffic matches. Only unique occurrences of traffic matches are counted toward the specified
        Count
        .
        This setting is disabled by default. Keep
        Unique Occurrences
        disabled if you want all instances of traffic matches to count toward the specified
        Count
        .
    5. Configure the
      Primary Field
      values.
      1. Configure whether a Security policy rule action is taken if
        Any (OR)
        or
        All (AND)
        primary fields are matched and if
        Any (OR)
        or
        All (AND)
        secondary fields are matched.
      2. (
        Any(OR) only
        ) Enter the
        Count
        to specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is
        1
        -
        500
        .
        When you select
        Any (OR)
        , the maximum
        Count
        setting is one less than the total number of fields included in the
        Primary Field
        or
        Secondary Field
        .
      3. Select the
        Primary Fields
        values.
        The list of available values is populated from the selected EDM data set. You must select at least one primary field value.
        You’re required to add at least one column where the column values occurs up to 12 times in the selected EDM data set for the
        Primary Field
        . For example, if the EDM data set contains columns for first name, last name, social security number, and credit card number, add social security number and credit card in the primary field.
    6. (
      Optional
      ) Select the
      Secondary Field
      values.
      The list of available fields is populated from the selected EDM data set.
      For the best results for exact data matching, include any columns that could be repeated in the secondary field. For example, if the EDM data set contains columns for first name, last name, social security number, and credit card number, add first name and last name in the secondary field.
    7. (
      Optional
      )
      Add EDM Dataset
      to add additional data pattern conditions.
      Refer to the descriptions above to configure any additional data pattern conditions as needed.
    8. (
      Optional
      )
      Add Group
      to nest additional match criteria for an EDM data set so you can more accurately define your compliance rules.
      When you click
      Add Group
      , the new match criteria group is nested under the most recently added EDM data set. You can’t nest a new match criteria group between existing EDM data sets. If multiple EDM data sets are added, you must remove the EDM data sets that follow the EDM data set for which you want to add the nested match criteria. For example, you added
      EDM_Dataset1
      ,
      EDM_Dataset2
      , and
      EDM_Dataset3
      to the Primary Rule. If you wanted to added nested match criteria to
      EDM_Dataset2
      , you must first remove
      EDM_Dataset3
      from the Primary Rule.
      You can select the same EDM data set or a different EDM data set to more accurately define your compliance rules. Nesting match criteria is supported only when the data profile includes an EDM data set.
      Enterprise DLP
      supports up to three level of additional nesting groups for each EDM data set. You can nest additional EDM data sets under an EDM data set added to the Primary or Secondary Rule.
      Nested match criteria support the
      AND
      ,
      OR
      , and
      NOT
      operators. Refer to the descriptions above to configure the nested match criteria.
  3. (
    Optional
    ) Configure a Secondary Rule for the data profile.
    Data pattern match criteria added to the Secondary Rule block all traffic that meets the match criteria for the data pattern conditions. If you want to allow traffic that matches a data pattern match criteria, add it to the Primary Rule.
  4. Review the
    Data Profile Preview
    to verify the data profile match criteria.
  5. Save
    the data profile.
    After you save the data profile, it’s viewable on Panorama, Prisma Access (Panorama Managed), Cloud Management, and the DLP app.
  6. Verify that the data profile you created.
    • DLP App on the hub—
      Log in to the DLP app on the hub as a Superuser and select
      Data Profiles
      to view the data profile you created.
    • Cloud Management
      1. Select
        Manage
        Configuration
        Security Services
        Data Loss Prevention
        and search for the data profile you created.

Recommended For You