Create a Data Pattern on Panorama
Create a data pattern to identify sensitive information on your network when using
Enterprise Data Loss Prevention (E-DLP).
After you set up Enterprise Data Loss Prevention (E-DLP) on Prisma Access (Panorama Managed), create data patterns to specify the match criteria and identify patterns using regular expressions, file properties, and keywords that represent sensitive information on your network. All data patterns you create are shared across all device groups. After you successfully commit a custom data pattern to Panorama, it’s automatically synchronized to the DLP app on the hub.
- Select Objects > DLP > Data Filtering Patterns and specify the Device Group.
- Add a new data pattern.
- Specify a Type and criteria for the data pattern and specify a Name.
  Use any of the following data pattern types:
  - Regular Expression: Create regular expressions to use in the data pattern.
    You can choose Basic or Advanced data patterns. Use the Advanced data pattern to create a basic or weighted regular expression. With weighted regular expressions, each text entry is assigned a score and when the score threshold is exceeded, such as when enough expressions from a pattern match an asset, Enterprise DLP will indicate that the asset is a match for the pattern.
    Then use the query builder in the Regular Expressions field to add either regular (Basic) or weighted (Advanced) expressions.
    You can enter one or more Proximity Keywords to use with the data filtering pattern. Proximity keywords aren’t case-sensitive. Adding proximity keywords increases the probability that Enterprise DLP accurately detects a regular expression match. Proximity keywords impact the Enterprise DLP confidence level, which reflects how confident Enterprise DLP is when detecting matched traffic. Enterprise DLP determines confidence level by inspecting the distance of regular expressions to proximity keywords.
  - File Property: Add a file property pattern on which to match.
    For data governance and protection of information, if you use classification labels or embed tags in MS Office and PDF documents to include more information for audit and tracking purposes, you can create a file property data pattern to match on the metadata or attributes that are part of the custom or extended properties in the file. Regardless of whether you use an automated classification mechanism, such as Titus, or require users to add a tag, you can specify a name-value pair on which to match on a custom or extended property embedded in the file.
    Enterprise DLP supports file property data patterns in MS Office and PDF documents and supports both the OLE (.doc/.ppt) and XML (.docx/.pptx) formats of MS Office.
    Then add a Tag Name and Tag Value. A Tag Name and Tag Value are an associated pair that specifies the property for which you want to look (for example, you can specify a Tag Name of Label and a Tag Value of Confidential). You can add as many file properties as you’d like and when you later reference the file property data pattern in a data filtering profile, Enterprise DLP will use a boolean OR match in the match criteria.
    For files protected with Microsoft Azure Information Protection (AIP), you must enter the full AIP label Name that you want to take action on. This can be either the MSIP_Label_<GUID>_Enabled label name or the Sensitivity label name.
- Click OK to save the data pattern.
- Commit and push your configuration changes to your managed firewalls that are using Enterprise DLP.
  The Commit and Push command isn’t recommended for Enterprise DLP configuration changes. Using the Commit and Push command requires the additional and unnecessary overhead of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
  - Select Commit > Commit to Panorama and Commit.
  - Select Commit > Push to Devices and Edit Selections.
  - Select Device Groups and Include Device and Network Templates.
  - Push your configuration changes to your managed firewalls that are using Enterprise DLP.
- Create a Data Filtering Profile on Panorama using one or more data patterns.
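
To dry-run a weighted regular expression and its proximity keywords against sample text before committing the pattern, the scoring described in the Regular Expression step can be modeled offline. This is an added example, not Enterprise DLP code or its actual algorithm: the weights, score threshold, 200-character proximity window, per-occurrence counting, and the "high"/"low"/"none" confidence labels are all assumptions, and the expressions and sample text are constructed.

```python
import re

# Assumed values for illustration; the page does not state them.
SCORE_THRESHOLD = 10     # pattern matches once the summed weights exceed this
PROXIMITY_WINDOW = 200   # max characters between a match and a keyword

# Constructed weighted expressions as (regex, weight) and constructed keywords.
WEIGHTED_EXPRESSIONS = [
    (r"\b\d{3}-\d{2}-\d{4}\b", 6),   # SSN-like number
    (r"\b[A-Z]{2}\d{6}\b", 5),       # made-up employee ID format
    (r"\b\d{4}-\d{2}-\d{2}\b", 2),   # ISO date, weak signal on its own
]
PROXIMITY_KEYWORDS = ["ssn", "social security", "employee id"]


def keyword_spans(text):
    """Spans of every keyword occurrence; keywords aren't case-sensitive."""
    return [m.span() for kw in PROXIMITY_KEYWORDS
            for m in re.finditer(re.escape(kw), text, re.IGNORECASE)]


def gap(a, b):
    """Characters separating two spans; 0 when they touch or overlap."""
    return max(0, max(a[0], b[0]) - min(a[1], b[1]))


def evaluate(text):
    """Sum the weights of all matches, then rate confidence by keyword distance."""
    keywords = keyword_spans(text)
    score, hits = 0, []
    for pattern, weight in WEIGHTED_EXPRESSIONS:
        for m in re.finditer(pattern, text):
            near = any(gap(m.span(), k) <= PROXIMITY_WINDOW for k in keywords)
            score += weight          # assumption: every occurrence counts
            hits.append((m.group(), weight, near))
    matched = score > SCORE_THRESHOLD
    if not matched:
        confidence = "none"
    else:
        confidence = "high" if any(h[2] for h in hits) else "low"
    return {"score": score, "matched": matched,
            "confidence": confidence, "hits": hits}


if __name__ == "__main__":
    sample = "Employee ID AB123456, SSN 123-45-6789, hired 2021-03-04"  # constructed
    print(evaluate(sample))
```

Running the same text with and without the keywords shows how a pattern can still match on score alone while dropping in confidence, which is the case to review when tuning for false positives.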
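
Before entering a Tag Name and Tag Value for a File Property pattern, it helps to confirm that your labeled documents actually carry that pair. The following added example (not Palo Alto Networks code) reads the custom properties of an XML-format Office file (.docx/.pptx) from its `docProps/custom.xml` part and applies the boolean OR match described above. Exact, case-sensitive comparison is an assumption, OLE and PDF files are not covered, and the sample file is constructed in memory.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CUSTOM_PART = "docProps/custom.xml"   # OOXML part that stores custom properties
CP_NS = "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"
VT_NS = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"


def custom_properties(ooxml_bytes):
    """Return {name: value} for the custom properties of a .docx/.pptx file."""
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as zf:
        if CUSTOM_PART not in zf.namelist():
            return {}                       # file carries no custom properties
        # ElementTree is fine for your own files; use a hardened parser
        # for documents from untrusted sources.
        root = ET.fromstring(zf.read(CUSTOM_PART))
    props = {}
    for prop in root.iter(f"{{{CP_NS}}}property"):
        # The first child element (for example vt:lpwstr) holds the value.
        props[prop.get("name")] = (prop[0].text or "") if len(prop) else ""
    return props


def matches_any(ooxml_bytes, tag_pairs):
    """Boolean OR over (Tag Name, Tag Value) pairs, compared exactly."""
    props = custom_properties(ooxml_bytes)
    return any(props.get(name) == value for name, value in tag_pairs)


def build_sample(properties):
    """Constructed test input: a zip holding only docProps/custom.xml."""
    items = "".join(
        f'<property fmtid="{{D5CDD505-2E9C-101B-9397-08002B2CF9AE}}" '
        f'pid="{pid}" name="{name}"><vt:lpwstr>{value}</vt:lpwstr></property>'
        for pid, (name, value) in enumerate(properties.items(), start=2))
    xml = (f'<Properties xmlns="{CP_NS}" xmlns:vt="{VT_NS}">'
           f"{items}</Properties>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CUSTOM_PART, xml)
    return buf.getvalue()


if __name__ == "__main__":
    doc = build_sample({"Label": "Confidential"})
    print(matches_any(doc, [("Label", "Restricted"), ("Label", "Confidential")]))
```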