Create a Data Profile with EDM Datasets on the DLP App

Log in to the DLP app on the hub.
If you do not already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
Select
Data Profiles
Add Data Profile
With EDM or a combination of EDM and Data Patterns
.
You can also create a new data profile by copying an existing data profile. This allows you to quickly modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.
Data profiles created by copying an existing data profile are appended with
Copy - <name_of_original_data_profile>
. This name can be edited as needed.
Adding an EDM dataset to a copied data profile is supported only if the original data profile had an EDM dataset to begin with. Adding an EDM dataset to a data profile that does not already have an EDM dataset is not supported.
Create the Primary Rule for the data profile.
Enter a descriptive
Data Profile Name
.
For the Primary Rule, select the operator (
AND
or
OR
) and
Add EDM Dataset
.
Select the EDM dataset to include.
The list of available data sets are the EDM data sets uploaded using the EDM CLI application.
Specify the
Occurrences
required to trigger a Security policy rule action.
The occurrences value you configure determine how many times values in the Primary Field and Secondary Fields are encountered before triggering an action.
Select the
Primary Field
values.
The list of available values is populated from the selected EDM data set. You must select at least one primary field value.
You are required to add at least one column where the column values occurs up to 12 times in the selected EDM data set for the
Primary Field
. For example, if the EDM data set contains columns for first name, last name, social security number, and credit card number, add social security number and credit card in the primary field.
(
Optional
) Select the
Secondary Field
values.
The list of available fields is populated from the selected EDM data set.
For the best results for exact data matching, include any columns that could be repeated in the secondary field. For example, if the EDM data set contains columns for first name, last name, social security number, and credit card number, add first name and last name in the secondary field.
(
Optional
)
Add EDM Dataset
to add additional data pattern conditions using
AND
or
OR
operators to the Primary Rule.
Refer to the descriptions above to configure any additional data pattern conditions as needed.
Configure the match criteria for a Security policy rule action based on the values in the primary and secondary fields.
When you select
Any (OR)
, the maximum
Count
setting is one less than the total number of fields included in the
Primary Field
or
Secondary Field
.
Configure whether an action if
Any (OR)
or
All (AND)
primary fields are matched and if
Any (OR)
or
All (AND)
secondary fields are matched.
For example, you configure the data profile to scan for at least 20 occurrences that match for All primary fields and Any secondary fields with a match count of 3. When applied to a Security policy rule, an action is taken when a scanned file contains at least 20 matches to all primary field values and any 3 of the secondary field values.
(
Optional
)
Add Group
to nest additional match criteria for an EDM dataset so you can more accurately define your compliance rules.
When you click
Add Group
, the new match criteria group is nested under the most recently added EDM dataset. You cannot nest a new match criteria group between existing EDM datasets. If multiple EDM datasets are added, you must remove the EDM datasets that follow the EDM dataset for which you want to added the nested match criteria. For example, you added
EDM_Dataset1
,
EDM_Dataset2
, and
EDM_Dataset3
to the Primary Rule. If you wanted to added nested match criteria to
EDM_Dataset2
, you must first remove
EDM_Dataset3
from the Primary Rule.
You can select the same EDM dataset or a different EDM dataset to more accurately define your compliance rules. Nesting match criteria is supported only when the data profile includes an EDM dataset. Enterprise DLP supports up to 3 level of additional nesting groups for each EDM dataset. You can nest additional EDM datasets under an EDM dataset added to the Primary or Secondary Rule.
Nested match criteria support the
AND
,
OR
, and
NOT
operators. Refer to the descriptions above to configure the nested match criteria.
(
Optional
) Configure a Secondary Rule for the data profile.
Data pattern match criteria added to the Secondary Rule block all traffic that meet the match criteria for the data patterns by default and cannot be modified. If you want to allow traffic that matches a data pattern match criteria, add it to the Primary Rule.
Review the
Data Profile Preview
to verify the data profile match criteria.
Save
the data profile.
Saved profiles are automatically synchronized to Panorama so you can apply the profile to a Security policy rule.

Verify that the data profile you created.
DLP App on the hub—
Log in to the DLP app on the hub as a Superuser and select
Data Profiles
to view the data profile you created.
Prisma Access (Cloud Managed)
Launch Prisma Access.
Select
Manage
Configuration
Security Services
Data Loss Prevention
and search for the data profile you created.
Panorama and Prisma Access (Panorama Managed)
See Update a Data Filtering Profile on Panorama for more information on which data profile settings are editable on Panorama for a data profile created on Prisma Access (Cloud Managed).
Log in to the Panorama web interface.
Select
Objects
DLP
Data Filtering Profiles
and navigate to the data profile you created.
(
Optional
) Edit the data profile Action to block traffic.
The Action for a data profile created on the Prisma Access (Cloud Managed) is configured to
Alert
by default.
If the data profile has both Primary and Secondary Patterns, changing the data profile Action on Panorama deletes all Secondary Pattern match criteria.
Select the data profile created on Prisma Access (Cloud Managed).
Set the data profile Action to
Block
traffic that matches the data profile match criteria.
Select
Commit
Commit to Panorama
and
Commit
.
Click
OK
.
Select
Commit
Push to Devices
and
Edit Selections
.
Select
Device Groups
and
Include Device and Network Templates
.
Push
your configuration changes to your managed firewalls that are leveraging Enterprise DLP.
Attach the data profile to a Security policy rule.
Prisma Access (Cloud Managed)
—Modify a DLP Rule for Prisma Access on Cloud Management.
Panorama and Prisma Access (Panorama Managed)
Log in to the Panorama web interface.
Select
Policies
Security
and specify the
Device Group
.
Select the Security policy rule to which you want to add the data profile.
Select
Actions
and set the
Profile Type
to
Profiles
.
Select the
Data Filtering
profile you created.
Click
OK
.
Select
Commit
and
Commit and Push
.