Create a File Property Data Pattern on the DLP App
Create an Enterprise Data Loss Prevention (E-DLP) file property data pattern on the DLP app on the hub.

Create an Enterprise Data Loss Prevention (E-DLP) file property data pattern to specify the match criteria for sensitive information based on the metadata or attributes that are part of your custom files. After you successfully create a custom data pattern, it’s automatically synchronized to the Panorama management server managing your Enterprise DLP firewalls and to Cloud Management. All file property data patterns created on the DLP app can be edited and copied as needed.

- Log in to the DLP app on the hub. If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
- Select Detection Methods > Data Patterns and Add Data Patterns. You can also create a new custom data pattern by copying an existing custom data pattern. To copy a custom data pattern, expand the Actions column for the data pattern you want to copy and Clone the data pattern. You can then configure the custom data pattern you copied as needed.
- Select the File Property data pattern.
- (Optional) Enter a Description for the data pattern.
- Define the file property data pattern. Enterprise DLP supports file property data patterns in MS Office and PDF documents and supports both the OLE (.doc/.ppt) and XML (.docx/.pptx) formats of MS Office.
  - Select the File Property Type. Leave the File Property Type empty if you plan to use keyword as the file property Name. This is required to successfully match traffic against the keyword file property. Enterprise DLP supports the following file property types.
    - AIP Tags—Microsoft Azure Information Protection (AIP) labels used to classify and protect documents and emails. Only one AIP Tag entry is supported per data pattern. However, you can add up to 10 AIP Tag values to an AIP Tag entry using ; as a separator. For example, msip_label_defa4170-0d19-0005-000b-bc88714345d2_contentbits=10;msip_label_defa4170-0d19-0005-000b-bc76701345f1_contentbits=10.
    - Asset Name—File name of the files whose exfiltration you want to prevent. Only one Asset Name entry is supported per data pattern. However, you can add up to 100 Asset Name values to an Asset Name entry using ; as a separator. For example, notes; billing-info;customer-data. Fully formed regex expressions are supported for the Asset Name value. Wildcards are not supported. For example, (?i)(\W|^)(ssn|social|security\security|credit\card|phone|credit\card)(\W|$).
    - Author—File owner first and last name in the asset metadata. Only one Author entry is supported per data pattern. However, you can add up to 100 Author values to an Author entry using ; as a separator. For example, Bill Smith; john doe; leslieBarnes. The Author values are case and space insensitive. The Author file property type is not supported for source code files.
    - Only one File Extension entry is supported per data pattern. However, you can add up to 100 File Extension values to a File Extension entry using ; as a separator. For example, .pdf;.csv;.rtf. To scan files based on a specific file extension, the file extension must be included in the file name.
    - File SHA—String of letters and numbers that represent a long checksum. Only SHA-256 is supported. Only one File SHA entry is supported per data pattern. However, you can add up to 100 File SHA values to a File SHA entry using ; as a separator. For example, CA4D03E8F8A495AA671930184A04275E050D096B9E7E3CF693E0AB12898F3A46;5C4753EAE1F27F0D7EDB5F3245155F668BF5B86A8B3BB2D86F32C65692837F79.
    - Extended Properties—Unique Advanced properties added to Microsoft Suite (Word, Excel, PPT, PDF) file properties that are not the default General properties. Multiple Extended Properties entries are supported per data pattern.
    - Custom—Unique Custom properties added to Microsoft Suite (Word, Excel, PPT, PDF) file properties that are not the default General properties. Multiple Custom entries are supported per data pattern.
  - Select the file property Name. For files protected with AIP labels, you must enter the full AIP label Name that you want to take action on. This must be the MSIP_Label_<GUID>_Enabled label name.
  - Enter the file property Value.
  - (Optional) Add File Property to define additional file property patterns.
- Save the data pattern.
- Create a data profile on the DLP app.
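
To find the exact property Name and Value to enter for a Custom or AIP-labelled file, you can read the custom properties straight out of a sample document. The following is an added example, not part of the Palo Alto Networks documentation or product. It assumes the XML (.docx/.pptx) formats, where custom properties (including MSIP_Label_* metadata) are stored in docProps/custom.xml; the helper names and the sample document are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer defusedxml

# Namespaces of docProps/custom.xml in OOXML (.docx/.pptx/.xlsx) packages.
CP = "{http://schemas.openxmlformats.org/officeDocument/2006/custom-properties}"
VT = "http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"
AIP_NAME = re.compile(r"^MSIP_Label_[0-9a-f-]{36}_Enabled$", re.IGNORECASE)


def custom_properties(ooxml_bytes):
    """Return {name: value} for the custom properties stored in an OOXML file."""
    with zipfile.ZipFile(io.BytesIO(ooxml_bytes)) as pkg:
        if "docProps/custom.xml" not in pkg.namelist():
            return {}  # the file carries no custom properties
        root = ET.fromstring(pkg.read("docProps/custom.xml"))
    props = {}
    for prop in root.iter(CP + "property"):
        child = next(iter(prop), None)  # one typed child, e.g. vt:lpwstr
        props[prop.get("name")] = (child.text or "") if child is not None else ""
    return props


def aip_label_names(props):
    """Property names in the MSIP_Label_<GUID>_Enabled form."""
    return sorted(name for name in props if AIP_NAME.match(name))


def build_sample_docx():
    """Constructed sample: a minimal package holding only docProps/custom.xml."""
    label = "MSIP_Label_defa4170-0d19-0005-000b-bc88714345d2"  # GUID from the example above
    rows = [(label + "_Enabled", "true"), (label + "_ContentBits", "10"),
            ("Project", "Falcon")]  # "Project" is a made-up custom property
    body = "".join(
        f'<property fmtid="{{D5CDD505-2E9C-101B-9397-08002B2CF9AE}}" pid="{i}" '
        f'name="{n}"><vt:lpwstr>{v}</vt:lpwstr></property>'
        for i, (n, v) in enumerate(rows, start=2))
    xml = f'<Properties xmlns="{CP[1:-1]}" xmlns:vt="{VT}">{body}</Properties>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("docProps/custom.xml", xml)
    return buf.getvalue()


if __name__ == "__main__":
    props = custom_properties(build_sample_docx())
    print("Custom properties:", props)
    print("AIP label Name candidates:", aip_label_names(props))
```

To inspect a real file, pass its bytes to custom_properties(), for example the result of open(path, "rb").read().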