Create a Data Pattern on Panorama

Log in to the Panorama web interface.
Select
Objects
DLP
Data Filtering Patterns
and specify the
Device Group
.
Add
a new data pattern.
Specify a
Type
and criteria for the data pattern and specify a
Name
.
Use any of the following data pattern types:
Regular Expression
—Create regular expressions to use in the data pattern.
You can choose
Basic
or
Advanced
data patterns. Use the
Advanced
data pattern to create a basic or weighted regular expression. With weighted regular expressions, each text entry is assigned a score and when the score threshold is exceeded, such as when enough expressions from a pattern match an asset, Enterprise DLP will indicate that the asset is a match for the pattern.
Then use the query builder in the
Regular Expressions
field to add either regular (
Basic
) or weighted (
Advanced
) expressions.
You can enter one or more
Proximity Keywords
to use with the data filtering pattern. Use proximity keywords in a data filtering profile with a high level of confidence. When you upload a file, the managed firewall looks for the proximity keywords you specify within the first 200 characters of the regular expressions before it considers the specified data pattern to be a match in the file.
File Property
—Add a file property pattern on which to match.
For data governance and protection of information, if you use classification labels or embed tags in MS Office and PDF documents to include more information for audit and tracking purposes, you can create a file property data pattern to match on the metadata or attributes that are part of the custom or extended properties in the file. Regardless whether you use an automated classification mechanism, such as Titus, or whether require users to add a tag, you can specify a name-value pair on which to match on a custom or extended property embedded in the file.
Enterprise DLP supports file property data patterns in MS Office and PDF documents and supports both the OLE (.doc/.ppt) and XML (.docx/.pptx) formats of MS Office.
Then add a
Tag Name
and
Tag Value
.
A
Tag Name
and
Tag Value
are an associated pair that specifies the property for which you want to look (for example, you can specify a
Tag Name
of
Label
and a
Tag Value
of
Confidential
). You can add as many file properties as you’d like and when you later reference the file property data pattern in a data filtering profile, Enterprise DLP will use a boolean OR match in the match criteria.
For files protected with Microsoft Azure Information Protection (AIP), you must enter the full AIP label
Name
that you want to take action on. This can be either the
MSIP_Label_<GUID>_Enabled
label name or the
Sensitivity
label name.
Click
OK
to save the data pattern.
Commit and push your configuration changes to your managed firewalls that are leveraging Enterprise DLP.
The
Commit and Push
command is not recommended for Enterprise DLP configuration changes. Using the
Commit and Push
command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
Select
Commit
Commit to Panorama
and
Commit
.
Select
Commit
Push to Devices
and
Edit Selections
.
Select
Device Groups
and
Include Device and Network Templates
.
Click
OK
.
Push
your configuration changes to your managed firewalls that are leveraging Enterprise DLP.
Create a Data Filtering Profile on Panorama using one or more data patterns.