Create a Security Policy Rule for ChatGPT on Prisma Access (Cloud Management)
Table of Contents
Expand all | Collapse all
-
- Register and Activate Enterprise DLP on Prisma Access (Panorama Managed)
- Edit the Enterprise DLP Snippet Settings on the DLP App
- Enable Role Based Access to Enterprise DLP on Cloud Management
- Enable Optical Character Recognition on Cloud Management
- Enable Optical Character Recognition for Enterprise DLP
-
-
- Create a Data Profile on the DLP App
- Create a Data Profile with EDM Data Sets on the DLP App
- Create a Data Profile with Data Patterns and EDM Data Sets on the DLP App
- Create a Data Profile with Nested Data Profiles on the DLP App
- Create a Data Profile on Cloud Management
- Create a Data Profile with EDM Data Sets on Cloud Management
- Create a Data Profile with Data Patterns and EDM Data Sets on Cloud Management
- Create a Data Profile with Nested Data Profiles on Cloud Management
- Create a Data Filtering Profile on Panorama
- Create a Data Filtering Profile on Panorama for Non-File Detection
- Update a Data Profile on the DLP App
- Update a Data Profile on Cloud Management
- Update a Data Filtering Profile on Panorama
- Enable Existing Data Patterns and Filtering Profiles
-
- How Does Email DLP Work?
- Activate Email DLP
- Add an Enterprise DLP Email Policy
- Review Email DLP Incidents
-
- Monitor DLP Status with the DLP Health and Telemetry App
- View Enterprise DLP Log Details on the DLP App
- Manage Enterprise DLP Incidents on the DLP App
- View Enterprise DLP Audit Logs on the DLP App
- View Enterprise DLP Log Details on Cloud Management
- Manage Enterprise DLP Incidents on Cloud Management
- View Enterprise DLP Audit Logs on Cloud Management
- View Enterprise DLP Log Details on Panorama
Create a Security Policy Rule for ChatGPT on Prisma Access (Cloud Management)
Create a security policy rule to prevent exfiltration of sensitive data to ChatGPT
for
Prisma Access
(Cloud Management)
on Cloud Management
.Use
Enterprise Data Loss Prevention (E-DLP)
for Prisma Access
(Cloud Management)
on Cloud Management
to prevent
exfiltration of sensitive data to ChatGPT in a new or existing Security policy
rule.Your Prisma Access tenants must be running Software Version 10.2.3 or later
release. Support for non-file based HTTP/2
traffic inspection is required to successfully prevent exfiltration to ChatGPT.
- Selectand Enable Non-File Inspection.ManageConfigurationSecurity ServicesData Loss PreventionSettingsData Transfer
- Selectand create the decryption profile and policy rule required to enable .ManageConfigurationSecurity ServicesDecryptionDo not enableStrip ALPNin the decryption profile. Enterprise DLP cannot inspect egress traffic to ChatGPT if you remove application-layer protocol negotiation (ALPN) headers from decrypted traffic.
- (Optional) Create a Custom Data Pattern on Cloud Management.Create a custom regex data pattern to define your own match criteria. You can skip this step if you plan to use predefined or existing data patterns to define match criteria in your data filtering profile.
- Create a data profile onCloud Managementor use an existing data profile.
- Selectand in the Actions column,ManageConfigurationSecurity ServicesData Loss PreventionDLP RulesEditthe DLP rule.
- EnableNon-File Based Match Criteria.DLP rules configured for non-file detection are required to prevent exfiltration of sensitive data to ChatGPT. You can further modify the DLP rule to enforce your organization’s data security standards. The DLP rule has an identical name as the data profile from which it was automatically created.You can keepFile Based Matched Criteriaenabled or disable as needed. Enabling this setting has no impact on detection of egress traffic to ChatGPT as long asNon-File Based Match Criteriais enabled.
- Modify theActionandLog Severity.
- Modify the rest of the DLP rule as needed.
- Save.
- Create a Shared Profile Group for theEnterprise DLPdata filtering profile.
- SelectandManageConfigurationSecurity ServicesProfile GroupsAdd Profile Group.
- Enter a descriptiveNamefor the Profile Group.
- For the Data Loss Prevention Profile, select theEnterprise DLPdata profile.
- Add any other additional profiles as needed.
- Savethe profile group.
- Create a Security policy and attach the Profile Group.Alternatively, you can selectto create or add ChatGPT to a Web Security Policy. You can skip this step if you create a Web Security Policy for ChatGPT.ManageConfigurationWeb Security
- SelectandManageConfigurationSecurity ServicesSecurity PolicyAdd Rule.You can also update an existing Security policy to attach a Profile Group forEnterprise DLPfiltering.
- In the Applications, Services, and URLs section,Add Applicationsto search for and selectopenai-chatgpt.
- Navigate to the Action and Advanced Inspection section, and select theProfile Groupyou created in the previous step.
- Configure the Security policy as needed.TheActionyou specify in the data profile determines whether egress traffic to ChatGPT is blocked. The Security policy ruleActiondoes not impact whether matched traffic is blocked.For example, you configured the data filtering profile toBlockmatching egress traffic but configure the Security policy ruleActiontoAllow. In this scenario, the matching egress traffic to ChatGPT is blocked.
- Savethe Security policy.
- Push your data filtering profile.
- Push ConfigandPush.
- Select (enable)Remote NetworksandMobile Users.
- Push.