Update a Data Filtering Profile on Panorama

Modify an existing Enterprise data loss prevention (DLP) hybrid data filtering profile on the Panorama™ management server.
From the Panorama management server, you can edit and modify an existing data filtering profile you created on Panorama, SaaS Security, or the DLP app on the hub. Any changes you make to an existing data filtering profile from the DLP app on the hub is automatically synchronized to Panorama, Prisma Access (Panorama Managed), and Prisma SaaS where the data filtering profile is supported.
You cannot update or modify the data pattern match criteria for an EDM dataset or a data profile with data patterns and EDM datasets from Panorama. You can only update or modify the data filtering profile action from Panorama. Any changes you make to an EDM filtering profile or a hybrid data filtering profile commit successfully on Panorama are not reflected in the DLP app on the hub. See Update a Data Profile on the DLP App to update the match criteria for an EDM data filtering profile or a data profile with data patterns and EDM datasets.
If you update a data filtering profile to include a predefined data patterns, be sure to consider the detection type used by the predefined data patterns because the detection type determines how Enterprise data loss prevention (DLP) arrives at a verdict for scanned files. For example, when you create a data filtering profile that includes three machine learning (ML)-based data patterns and seven regex-based data patterns, Enterprise DLP will return verdicts based on the seven regex-based patterns whenever the scanned file exceeds 1MB.
  1. Select
    Objects
    DLP
    Data Filtering Profiles
    and specify the
    Device Group
    .
  2. Select a data filtering profile to edit.
  3. Edit the data filtering profile as needed.
    1. Modify the data filtering profile scan for
      File Based
      traffic,
      Non-File Based
      traffic, or both.
    2. Modify the
      Primary Pattern
      and
      Secondary Pattern
      match criteria.
      Modifying the data filtering profile match criteria on Panorama is supported only for Enterprise DLP data filtering profiles created on Panorama. See Create a Data Filtering Profile on Panorama for details on configuring data pattern criteria using predefined or custom data patterns.
    3. (
      Data Filtering Profile for Non-File Traffic Inspection Only
      ) Modify the
      URL Category Excluded List from Non-File
      and
      Application List Excluded from Non-File
      to configure which URL and application traffic is excluded from Enterprise DLP inspection.
    4. Edit the data filtering profile settings.
      Enterprise DLP supports editing the following data profile settings for a data profile with EDM datasets and a data profile with data patterns and EDM datasets from Panorama.
      • Select the data filtering profile
        Action
        (
        Alert
        or
        Block
        )
        If the data profile has both Primary and Secondary Patterns, changing the data filtering profile Action on Panorama deletes all Secondary Pattern match criteria.
      • Specify a
        File Type
        .
        Leave the file type as
        any
        to match any of the supported file types.
      • Set the
        Log Severity
        recorded for files that match this data filtering profile.
  4. Click
    OK
    .
  5. Commit and push your configuration changes to your managed firewalls that are leveraging Enterprise DLP.
    The
    Commit and Push
    command is not recommended for Enterprise DLP configuration changes. Using the
    Commit and Push
    command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
    1. Select
      Commit
      Commit to Panorama
      and
      Commit
      .
    2. Select
      Commit
      Push to Devices
      and
      Edit Selections
      .
    3. Select
      Device Groups
      and
      Include Device and Network Templates
      .
    4. Click
      OK
      .
    5. Push
      your configuration changes to your managed firewalls that are leveraging Enterprise DLP.
  6. Verify the changes you made to the data filtering profile.
    1. Log in to the DLP app on the hub.
      If you do not already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
    2. Select
      Data Profiles
      and search for the data filtering profile you updated.

Recommended For You