: Create a Data Pattern on Panorama
Focus
Focus

Create a Data Pattern on Panorama

Table of Contents

Create a Data Pattern on Panorama

Create a data pattern to identify sensitive information on your network when using
Enterprise Data Loss Prevention (E-DLP)
.
After you set up
Enterprise Data Loss Prevention (E-DLP)
on Panorama or Prisma Access (Panorama Managed), create data patterns to specify the match criteria and identify patterns using regular expressions, file properties, and keywords that represent sensitive information on your network. All data patterns you create are shared across all device groups. After you successfully commit a custom data pattern to Panorama, it’s automatically synchronized to the DLP app on the hub.

  1. Select
    Objects
    DLP
    Data Filtering Patterns
    and specify the
    Device Group
    .
  2. Add
    a new data pattern.
  3. Specify a
    Type
    and criteria for the data pattern and specify a
    Name
    .
    Use any of the following data pattern types:
    • Regular Expression
      —Create regular expressions to use in the data pattern.
      You can choose
      Basic
      or
      Advanced
      data patterns. Use the
      Advanced
      data pattern to create a basic or weighted regular expression. With weighted regular expressions, each text entry is assigned a score and when the score threshold is exceeded, such as when enough expressions from a pattern match an asset,
      Enterprise DLP
      will indicate that the asset is a match for the pattern.
      Then use the query builder in the
      Regular Expressions
      field to add either regular (
      Basic
      ) or weighted (
      Advanced
      ) expressions.
      You can enter one or more
      Proximity Keywords
      to use with the data filtering pattern. Proximity keywords aren’t case-sensitive. You can enter one or more proximity keywords to increase the probability
      Enterprise DLP
      accurately detects a regular expression match. Proximity keywords impact the
      Enterprise DLP
      confidence level, which reflects how confident
      Enterprise DLP
      is when detecting matched traffic.
      Enterprise DLP
      determines confidence level by inspecting the distance of regular expressions to proximity keywords.
    • File Property
      —Add a file property pattern on which to match.
      For data governance and protection of information, if you use classification labels or embed tags in MS Office and PDF documents to include more information for audit and tracking purposes, you can create a file property data pattern to match on the metadata or attributes that are part of the custom or extended properties in the file. Regardless whether you use an automated classification mechanism, such as Titus, or whether require users to add a tag, you can specify a name-value pair on which to match on a custom or extended property embedded in the file.
      Enterprise DLP
      supports file property data patterns in MS Office and PDF documents and supports both the OLE (.doc/.ppt) and XML (.docx/.pptx) formats of MS Office.
      Then add a
      Tag Name
      and
      Tag Value
      .
      A
      Tag Name
      and
      Tag Value
      are an associated pair that specifies the property for which you want to look (for example, you can specify a
      Tag Name
      of
      Label
      and a
      Tag Value
      of
      Confidential
      ). You can add as many file properties as you’d like and when you later reference the file property data pattern in a data filtering profile,
      Enterprise DLP
      will use a boolean OR match in the match criteria.
      For files protected with Microsoft Azure Information Protection (AIP), you must enter the full AIP label
      Name
      that you want to take action on. This can be either the
      MSIP_Label_<GUID>_Enabled
      label name or the
      Sensitivity
      label name.
  4. Click
    OK
    to save the data pattern.
  5. Commit and push your configuration changes to your managed firewalls that are using
    Enterprise DLP
    .
    The
    Commit and Push
    command isn’t recommended for
    Enterprise DLP
    configuration changes. Using the
    Commit and Push
    command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
    1. Select
      Commit
      Commit to Panorama
      and
      Commit
      .
    2. Select
      Commit
      Push to Devices
      and
      Edit Selections
      .
    3. Select
      Device Groups
      and
      Include Device and Network Templates
      .
    4. Click
      OK
      .
    5. Push
      your configuration changes to your managed firewalls that are using
      Enterprise DLP
      .
  6. Create a Data Filtering Profile on Panorama using one or more data patterns.

Recommended For You