Create a Data Pattern on Panorama

Create a data pattern to identify sensitive information on your network.
After you set up Enterprise DLP on Panorama or Prisma Access (Panorama Managed), create data patterns to specify the match criteria and identify patterns using regular expressions, file properties, or keywords that represent sensitive information on your network. All data patterns created are shared across all device groups.
  1. Select
    Objects
    DLP
    DLP Data Patterns
    and specify the
    Device Group
    .
  2. Add
    a new data pattern.
  3. Specify a
    Type
    and criteria for the data pattern and give it a
    Name
    .
    Use following data pattern type:
    • Regular Expression
      —Create regular expressions to use in the data pattern.
      You can choose
      Basic
      or
      Advanced
      data patterns. Use the
      Advanced
      data pattern to create a basic or weighted regular expression. With weighted regular expressions, each text entry is assigned a score, and when the score threshold is exceeded, such as enough expressions from a pattern match an asset, the asset will be indicated as a match for the pattern.
      You then use the query builder in the
      Regular Expressions
      area to add expressions, either regular (
      Basic
      ) or weighted (
      Advanced
      ).
      You can enter one or more
      Proximity Keywords
      to use with the Data Filtering pattern. Use proximity keywords in a data filtering profile with a High Confidence. When you upload a file, the managed firewall looks for the proximity keywords you specify within 200 characters of the regular expressions before it considers the specified data pattern to be a match in the file.
    • File Property
      —Add a file property pattern to match.
      For data governance and protection of information, if you use classification labels or embed tags in MS Office and PDF documents to include more information for audit and tracking purposes, you can create a file property data pattern to match on the metadata or attributes that are a part of the custom or extended properties in the file. Regardless of whether you use an automated classification mechanism such as Titus or require users to add a tag, you can specify a name-value pair to match on a custom or extended property embedded in the file.
      Enterprise DLP supports file property data patterns in MS Office and PDF documents. Both the OLE (.doc/.ppt) or XML (.docx/.pptx) formats of MS Office are supported.
      You then add a
      Tag Name
      and
      Tag Value
      .
      A
      Tag Name
      and
      Tag Value
      are an associated pair that specifies the property that you want to look for (for example, you can specify a
      Tag Name
      of
      Label
      and a
      Tag Value
      of
      Confidential
      ). You can add as many file properties as you’d like. When you later reference the file property data pattern in a data filtering profile, a boolean OR match is used in the match criteria.
  4. Click
    OK
    to save the data pattern.
  5. Commit and push your configuration changes to your managed firewalls leveraging Enterprise DLP.
    While a performing a
    Commit and Push
    is supported, it is not recommended for Enterprise DLP configuration changes and requires you to manually select the impacted templates and managed firewalls in the Push Scope Selection.
    1. Select
      Commit
      Commit to Panorama
      and
      Commit
      your configuration changes.
    2. Select
      Commit
      Push to Devices
      and
      Edit Selections
      .
    3. Select
      Device Groups
      and
      Include Device and Network Templates
      .
    4. Click
      OK
      .
    5. Push
      your configuration changes to your managed firewalls.
  6. Create a Data Filtering Profile on Panorama using one or more data patterns.

Recommended For You