Create a File Property Data Pattern on the DLP App

Create an Enterprise Data Loss Prevention (E-DLP) file property data pattern on the DLP app on the hub.

Create an Enterprise Data Loss Prevention (E-DLP) file property data pattern to specify the match criteria for sensitive information based on the metadata or attributes that are part of your custom files. After you successfully create a custom data pattern, it’s automatically synchronized to the Panorama management server managing your Enterprise DLP firewalls and to Cloud Management. All file property data patterns created on the DLP app can be edited and copied as needed.
  1. Log in to the DLP app on the hub.
    If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
  2. Select Detection Methods > Data Patterns and Add Data Patterns.
    You can also create a new custom data pattern by copying an existing custom data pattern. To copy a custom data pattern, expand the Actions column for the data pattern you want to copy and Clone the data pattern. You can then configure the custom data pattern you copied as needed.
  3. Select the File Property data pattern.
  4. (Optional) Enter a Description for the data pattern.
  5. Define the file property data pattern.
    Enterprise DLP supports file property data patterns in MS Office and PDF documents and supports both the OLE (.doc/.ppt) and XML (.docx/.pptx) formats of MS Office.
    1. Select the File Property Type.
      Leave the File Property Type empty if you plan to use keyword as the file property Name. This is required to successfully match traffic against the keyword file property.
      Enterprise DLP supports the following file property types.
      • AIP Tags
        Microsoft Azure Information Protection (AIP) labels used to classify and protect documents and emails.
        Only one AIP Tag entry is supported per data pattern. However, you can add up to 10 AIP Tag values to an AIP Tag entry using ; as a separator. For example, msip_label_defa4170-0d19-0005-000b-bc88714345d2_contentbits=10; msip_label_defa4170-0d19-0005-000b-bc76701345f1_contentbits=10.
      • Asset Name—File name of the files you want to prevent from being exfiltrated.
        Only one Asset Name entry is supported per data pattern. However, you can add up to 100 Asset Name values to an Asset Name entry using ; as a separator. For example, notes; billing-info;customer-data.
        Fully formed regex expressions are supported for the Asset Name value. Wildcards are not supported. For example, (?i)(\W|^)(ssn|social|security\security|credit\card|phone|credit\card)(\W|$).
      • Author—File owner first and last name in the asset metadata.
        Only one Author entry is supported per data pattern. However, you can add up to 100 Author values to an Author entry using ; as a separator. For example, Bill Smith; john doe; leslieBarnes.
        The Author values are case and space insensitive.
        The Author file property type is not supported for source code files.
      • File Extension—Specify one or more file types supported by Enterprise DLP.
        Only one File Extension entry is supported per data pattern. However, you can add up to 100 File Extension values to a File Extension entry using ; as a separator. For example, .pdf;.csv;.rtf.
        To scan files based on a specific file extension, the file extension must be included in the file name.
      • File SHA—String of letters and numbers that represents a long checksum. Only SHA-256 is supported.
        Only one File SHA entry is supported per data pattern. However, you can add up to 100 File SHA values to a File SHA entry using ; as a separator. For example, CA4D03E8F8A495AA671930184A04275E050D096B9E7E3CF693E0AB12898F3A46;5C4753EAE1F27F0D7EDB5F3245155F668BF5B86A8B3BB2D86F32C65692837F79.
      • Extended Properties—Unique Advanced properties added to Microsoft Suite (Word, Excel, PPT, PDF) file properties that are not the default General properties.
        Multiple Extended Properties entries are supported per data pattern.
      • Custom—Unique Custom properties added to Microsoft Suite (Word, Excel, PPT, PDF) file properties that are not the default General properties.
        Multiple Custom entries are supported per data pattern.
    2. Select the file property Name.
      For files protected with AIP labels, you must enter the full AIP label Name that you want to take action on. This must be the MSIP_Label_<GUID>_Enabled label name.
    3. Enter the file property Value.
    4. (Optional) Add File Property to define additional file property patterns.
  6. Save the data pattern.
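
To find the exact Name and Value strings a document carries before entering them in the file property fields above, the following added example (not part of the original documentation or of any Palo Alto Networks code) reads the custom properties of an XML-format Office file and computes its SHA-256. It assumes AIP labels are stored as custom document properties in docProps/custom.xml and that File SHA is the hash of the whole file; the function names, the sample document, and the all-zero GUID are constructed for illustration.

```python
import hashlib
import io
import re
import zipfile
import xml.etree.ElementTree as ET

CUSTOM_PROPS = "docProps/custom.xml"  # OOXML part that stores custom properties
NS = {"cp": "http://schemas.openxmlformats.org/officeDocument/2006/custom-properties"}
AIP_NAME = re.compile(r"^MSIP_Label_[0-9a-f-]{36}_Enabled$", re.IGNORECASE)


def custom_properties(ooxml_bytes):
    """Return {name: value} for the custom properties of a .docx/.pptx file."""
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as zf:
        if CUSTOM_PROPS not in zf.namelist():
            return {}  # document carries no custom properties
        root = ET.fromstring(zf.read(CUSTOM_PROPS))
    props = {}
    for prop in root.findall("cp:property", NS):
        # Each <property> wraps a single typed child such as <vt:lpwstr>.
        props[prop.get("name")] = (prop[0].text or "") if len(prop) else ""
    return props


def pattern_inputs(ooxml_bytes):
    """Collect the values an admin would enter for this file in the DLP app."""
    props = custom_properties(ooxml_bytes)
    return {
        "file_sha": hashlib.sha256(ooxml_bytes).hexdigest().upper(),
        "aip_label_names": sorted(n for n in props if AIP_NAME.match(n)),
        "custom": props,
    }


def build_sample_docx():
    """Constructed sample: a zip holding only a custom-properties part."""
    guid = "00000000-0000-0000-0000-000000000000"  # placeholder label GUID
    pairs = [(f"MSIP_Label_{guid}_Enabled", "true"), ("Project", "Falcon")]
    body = "".join(
        f'<property fmtid="{{D5CDD505-2E9C-101B-9397-08002B2CF9AE}}" pid="{i}" '
        f'name="{n}"><vt:lpwstr>{v}</vt:lpwstr></property>'
        for i, (n, v) in enumerate(pairs, start=2))
    xml = (f'<Properties xmlns="{NS["cp"]}" xmlns:vt="http://schemas.openxmlformats.org'
           f'/officeDocument/2006/docPropsVTypes">{body}</Properties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(CUSTOM_PROPS, xml)
    return buf.getvalue()
```

Call `pattern_inputs(open(path, "rb").read())` on a document you already trust; OLE-format (.doc/.ppt) and PDF files store their properties differently and are not handled here.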
