Create a Data Profile with EDM Datasets on Prisma Access (Cloud Managed)

Create an Enterprise data loss prevention (DLP) data profile using Exact Data Matching (EDM) datasets on Prisma Access (Cloud Managed).
Create a data profile with Exact Data Matching (EDM) datasets on Prisma Access (Cloud Managed). Data profiles with EDM datasets created on Prisma Access (Cloud Managed) are automatically synchronized with your Panorama™ management server so you can leverage the data profile in your Security policy rules. In order for the DLP cloud service to render a match verdict using on the data profile, scanned files containing primary and secondary field values must be within 100 character of each other. Otherwise, the DLP cloud service is unable to render a match verdict. Data profiles with EDM datasets created on Prisma Access (Cloud Managed) are viewable on Panorama, Prisma Access (Panorama Managed), Prisma Access (Cloud Managed), and the DLP app on the hub. Viewing a data profile created on Prisma Access (Cloud Managed) on Panorama requires Panorama plugin for Enterprise DLP 1.0.4 or later release.
After you set up the EDM CLI application and configure connectivity to the DLP cloud service, you must upload an encrypted EDM dataset to the DLP cloud service using a configuration file or in Interactive mode before you can create a data profile with EDM datasets.
Updating a data profile to include only data patterns is not supported if the data profile include at least one EDM dataset when it was initially created. However, update a data profile that includes only EDM datasets to include data patterns is supported.
See Create a Data Profile on Prisma Access (Cloud Managed) to create a data profile containing only predefined or custom data patterns.
  1. Select
    Manage
    Configuration
    Security Services
    Data Loss Prevention
    Data Profiles
    and
    Add Data Profiles
    With EDM or a combination of EDM and Data Patterns
    .
    You can also create a new data profile by copying an existing data profile. This allows you to quickly modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.
    Data profiles created by copying an existing data profile are appended with
    Copy - <name_of_original_data_profile>
    . This name can be edited as needed.
    Adding an EDM dataset to a copied data profile is supported only if the original data profile had an EDM dataset to begin with. Adding an EDM dataset to a data profile that does not already have an EDM dataset is not supported.
  2. Create the Primary Rule for the data profile.
    1. Enter a descriptive
      Data Profile Name
      .
    2. For the Primary Rule,
      Add Rule
      and
      EDM Dataset
      .
      The list of available data sets are the EDM data sets uploaded using the EDM CLI application.
    3. Specify the
      Occurrences
      required to trigger a Security policy rule action.
      The occurrences value you configure determine how many times values in the Primary Field and Secondary Fields are encountered before triggering an action.
    4. Select the
      Primary Field
      values.
      The list of available values is populated from the selected EDM data set. You must select at least one primary field value.
      You are required to add at least one column where the column values occurs up to 12 times in the selected EDM data set for the
      Primary Field
      . For example, if the EDM data set contains columns for first name, last name, social security number, and credit card number, add social security number and credit card in the primary field.
    5. (
      Optional
      ) Select the
      Secondary Field
      values.
      The list of available fields is populated from the selected EDM data set.
      For the best results for exact data matching, include any columns that could be repeated in the secondary field. For example, if the EDM data set contains columns for first name, last name, social security number, and credit card number, add first name and last name in the secondary field.
    6. (
      Optional
      )
      Add EDM Dataset
      to add additional data pattern conditions using
      AND
      or
      OR
      operators to the Primary Rule.
      Refer to the descriptions above to configure any additional data pattern conditions as needed.
    7. Configure the match criteria for a Security policy rule action based on the values in the primary and secondary fields.
      When you select
      Any (OR)
      , the maximum
      Count
      setting is one less than the total number of fields included in the
      Primary Field
      or
      Secondary Field
      .
      Configure whether an action if
      Any (OR)
      or
      All (AND)
      primary fields are matched and if
      Any (OR)
      or
      All (AND)
      secondary fields are matched.
      For example, you configure the data profile to scan for at least 20 occurrences that match for All primary fields and Any secondary fields with a match count of 3. When applied to a Security policy rule, an action is taken when a scanned file contains at least 20 matches to all primary field values and any 3 of the secondary field values.
    8. (
      Optional
      )
      Add Group
      to nest additional match criteria for an EDM dataset so you can more accurately define your compliance rules.
      When you click
      Add Group
      , the new match criteria group is nested under the most recently added EDM dataset. You cannot nest a new match criteria group between existing EDM datasets. If multiple EDM datasets are added, you must remove the EDM datasets that follow the EDM dataset for which you want to added the nested match criteria. For example, you added
      EDM_Dataset1
      ,
      EDM_Dataset2
      , and
      EDM_Dataset3
      to the Primary Rule. If you wanted to added nested match criteria to
      EDM_Dataset2
      , you must first remove
      EDM_Dataset3
      from the Primary Rule.
      You can select the same EDM dataset or a different EDM dataset to more accurately define your compliance rules. Nesting match criteria is supported only when the data profile includes an EDM dataset. Enterprise DLP supports up to 3 level of additional nesting groups for each EDM dataset. You can nest additional EDM datasets under an EDM dataset added to the Primary or Secondary Rule.
      Nested match criteria support the
      AND
      ,
      OR
      , and
      NOT
      operators. Refer to the descriptions above to configure the nested match criteria.
  3. (
    Optional
    ) Configure a Secondary Rule for the data profile.
    Data pattern match criteria added to the Secondary Rule block all traffic that meet the match criteria for the data pattern conditions. If you want to allow traffic that matches a data pattern match criteria, add it to the Primary Rule.
  4. Review the
    Data Profile Preview
    to verify the data profile match criteria.
  5. Save
    the data profile.
    After you save the data profile, it is viewable on Panorama, Prisma Access (Panorama Managed), Prisma Access (Cloud Managed), Prisma SaaS, and the DLP app.
  6. Verify that the data profile you created.

Recommended For You