Create a File Property Data Pattern on Cloud Management

Create an Enterprise data loss prevention (DLP) file property data pattern for Prisma Access (Cloud Managed) and SaaS Security on Cloud Management.
Create an Enterprise data loss prevention (DLP) data pattern using file properties for Prisma Access (Cloud Managed) and SaaS Security on Cloud Management to specify the match criteria and identify patterns that represent sensitive information on your network. All data patterns you create are shared across all Prisma Access (Cloud Managed) and SaaS Security deployments associated with the tenant. After you successfully create a custom data pattern, it is automatically synchronized to the DLP app on the hub. All file property data patterns created on Cloud Management can be edited and copied as needed.
  1. Select Manage > Configuration > Security Services > Data Loss Prevention > Detection Methods > Data Patterns.
  2. Add Data Patterns and select File Property.
    You can also create a new file property data pattern by copying an existing file property data pattern. To copy a custom data pattern, select the data pattern name to view the data pattern details and copy it. You can then configure the file property data pattern you copied as needed.
  3. Enter a descriptive Data Pattern Name.
  4. (Optional) Enter a Description for the data pattern.
  5. Define the file property data pattern.
    Enterprise DLP supports file property data patterns in MS Office and PDF documents and supports both the OLE (.doc/.ppt) and XML (.docx/.pptx) formats of MS Office.
    1. Select the File Property Type.
      Leave the File Property Type empty if you plan to use keyword as the file property Name. This is required to successfully match traffic against the keyword file property.
      Enterprise DLP supports the following file property types.
      • AIP Tags: Microsoft Azure Information Protection (AIP) labels used to classify and protect documents and emails.
        Only one AIP Tag entry is supported per data pattern. However, you can add up to 10 AIP Tag values to an AIP Tag entry using ; as a separator. For example, msip_label_defa4170-0d19-0005-000b-bc88714345d2_contentbits=10;msip_label_defa4170-0d19-0005-000b-bc76701345f1_contentbits=10.
      • Asset Name: File names of the files that you want to prevent from being exfiltrated.
        Only one Asset Name entry is supported per data pattern. However, you can add up to 100 Asset Name values to an Asset Name entry using ; as a separator. For example, notes; billing-info;customer-data.
        Fully formed regex expressions are supported for the Asset Name value. Wildcards are not supported. For example, (?i)(\W|^)(ssn|social|security\security|credit\card|phone|credit\card)(\W|$).
      • Author: File owner first and last name in the asset metadata.
        Only one Author entry is supported per data pattern. However, you can add up to 100 Author values to an Author entry using ; as a separator. For example, Bill Smith; john doe; leslieBarnes.
        The Author values are case and space insensitive.
        The Author file property type is not supported for source code files.
      • File Extension: Specify one or more file types supported by Enterprise DLP.
        Only one File Extension entry is supported per data pattern. However, you can add up to 100 File Extension values to a File Extension entry using ; as a separator. For example, .pdf;.csv;.rtf.
        To scan files based on a specific file extension, the file extension must be included in the file name.
      • File SHA: String of letters and numbers that represents a long checksum. Only SHA-256 hashes are supported.
        Only one File SHA entry is supported per data pattern. However, you can add up to 100 File SHA values to a File SHA entry using ; as a separator. For example, CA4D03E8F8A495AA671930184A04275E050D096B9E7E3CF693E0AB12898F3A46;5C4753EAE1F27F0D7EDB5F3245155F668BF5B86A8B3BB2D86F32C65692837F79.
      • Extended Properties: Unique Advanced properties added to Microsoft Suite (Word, Excel, PPT, PDF) file properties that are not the default General properties.
        Multiple Extended Properties entries are supported per data pattern.
      • Custom: Unique Custom properties added to Microsoft Suite (Word, Excel, PPT, PDF) file properties that are not the default General properties.
        Multiple Custom entries are supported per data pattern.
    2. Select the file property Name.
      For files protected with AIP labels, you must enter the full AIP label Name that you want to take action on. This must be the MSIP_Label_<GUID>_Enabled label name.
    3. Enter the file property Value.
    4. (Optional) Add File Property to define additional file property patterns.
  6. Save the data pattern.
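
The full MSIP_Label_<GUID>_Enabled name required in step 5.2 can be read from a file that already carries the label, because XML-format Office files keep label metadata as custom document properties. The Python below is an added example, not Palo Alto Networks code: it assumes the label properties are stored in the docProps/custom.xml part of the package (Office builds that store labels elsewhere are not covered), and the function names, the placeholder GUID and the sample file are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

PART = "docProps/custom.xml"  # OOXML part that holds custom document properties
CP = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
VT = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
LABEL_RE = re.compile(r"^MSIP_Label_([0-9a-f-]{36})_(\w+)$", re.IGNORECASE)

def aip_label_properties(package_bytes):
    """Return {guid: {suffix: (property name, value)}} for MSIP_Label_* properties."""
    labels = {}
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as pkg:
        if PART not in pkg.namelist():
            return labels  # no custom properties, so no label stored there
        # For untrusted files, parse with a hardened XML parser instead.
        root = ET.fromstring(pkg.read(PART))
    for prop in root.findall(f"{{{CP}}}property"):
        m = LABEL_RE.match(prop.get("name", ""))
        if m:
            value = "".join(prop.itertext()).strip()
            labels.setdefault(m.group(1).lower(), {})[m.group(2).lower()] = (
                prop.get("name"), value)
    return labels

def pattern_fields(package_bytes):
    """Return (Name candidates, AIP Tag value string) for the data pattern form."""
    labels = aip_label_properties(package_bytes)
    names = [p["enabled"][0] for p in labels.values() if "enabled" in p]
    tags = [f"{p['contentbits'][0].lower()}={p['contentbits'][1]}"
            for p in labels.values() if "contentbits" in p]
    if len(tags) > 10:  # limit stated on this page for one AIP Tag entry
        raise ValueError("an AIP Tag entry takes at most 10 values")
    return names, ";".join(tags)

def build_sample_docx():
    """Constructed sample: a zip holding only a custom-properties part."""
    guid = "11111111-2222-3333-4444-555555555555"  # constructed placeholder GUID
    props = {"Enabled": "true", "Name": "Confidential", "ContentBits": "10"}
    body = "".join(
        f'<property pid="{i}" name="MSIP_Label_{guid}_{k}">'
        f"<vt:lpwstr>{v}</vt:lpwstr></property>"
        for i, (k, v) in enumerate(props.items(), start=2))
    xml = f'<Properties xmlns="{CP}" xmlns:vt="{VT}">{body}</Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr(PART, xml)
    return buf.getvalue()
```

Calling pattern_fields() on the bytes of a known-labeled .docx or .pptx returns the property names to enter as Name and a ;-separated string in the same name=value form as the AIP Tag example above.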
