Create a Security Policy Rule for ChatGPT on SaaS Security
Table of Contents
Expand all | Collapse all
-
- Register and Activate Enterprise DLP on Prisma Access (Panorama Managed)
- Edit the Enterprise DLP Snippet Settings on the DLP App
- Enable Role Based Access to Enterprise DLP on Cloud Management
- Enable Optical Character Recognition on Cloud Management
- Enable Optical Character Recognition for Enterprise DLP
-
-
- Create a Data Profile on the DLP App
- Create a Data Profile with EDM Data Sets on the DLP App
- Create a Data Profile with Data Patterns and EDM Data Sets on the DLP App
- Create a Data Profile with Nested Data Profiles on the DLP App
- Create a Data Profile on Cloud Management
- Create a Data Profile with EDM Data Sets on Cloud Management
- Create a Data Profile with Data Patterns and EDM Data Sets on Cloud Management
- Create a Data Profile with Nested Data Profiles on Cloud Management
- Create a Data Filtering Profile on Panorama
- Create a Data Filtering Profile on Panorama for Non-File Detection
- Update a Data Profile on the DLP App
- Update a Data Profile on Cloud Management
- Update a Data Filtering Profile on Panorama
- Enable Existing Data Patterns and Filtering Profiles
-
- How Does Email DLP Work?
- Activate Email DLP
- Add an Enterprise DLP Email Policy
- Review Email DLP Incidents
-
- Monitor DLP Status with the DLP Health and Telemetry App
- View Enterprise DLP Log Details on the DLP App
- Manage Enterprise DLP Incidents on the DLP App
- View Enterprise DLP Audit Logs on the DLP App
- View Enterprise DLP Log Details on Cloud Management
- Manage Enterprise DLP Incidents on Cloud Management
- View Enterprise DLP Audit Logs on Cloud Management
- View Enterprise DLP Log Details on Panorama
Create a Security Policy Rule for ChatGPT on SaaS Security
Create a security policy rule to prevent exfiltration of sensitive data to ChatGPT
for SaaS Security on
Cloud Management
.Use
Enterprise Data Loss Prevention (E-DLP)
for Prisma Access
(Cloud Management)
on Cloud Management
to prevent
exfiltration of sensitive data to ChatGPT in a new or existing Security policy
rule.If you would rather block access to ChatGPT on your network,
you can do so from the SaaS Security Applications dashboard (). Using the Saas Security Application dashboard to
Manage
Configuration
Security Services
SaaS Application Management
Discovered Apps
Applications
Block
Access
allows you to quickly generate a policy rule recommendation,
rather than manually creating one on your own. Support for non-file based HTTP/2
traffic inspection is required to successfully prevent exfiltration to ChatGPT.
Your
Cloud Management
tenant must be running Software Version 10.2.3 or later
release.- Selectand Enable Non-File Inspection.ManageConfigurationSecurity ServicesData Loss PreventionSettingsData Transfer
- Selectand create the decryption profile and policy rule required to enable .ManageConfigurationSecurity ServicesDecryptionDo not enableStrip ALPNin the decryption profile. Enterprise DLP cannot inspect egress traffic to ChatGPT if you remove application-layer protocol negotiation (ALPN) headers from decrypted traffic.
- (Optional) Create a Custom Data Pattern on Cloud Management.Create a custom regex data pattern to define your own match criteria. You can skip this step if you plan to use predefined or existing data patterns to define match criteria in your data filtering profile.
- Create a data profile onCloud Managementor use an existing data profile.
- Selectand in the Actions column,ManageConfigurationSecurity ServicesData Loss PreventionDLP RulesEditthe DLP rule.
- EnableNon-File Based Match Criteria.DLP rules configured for non-file detection are required to prevent exfiltration of sensitive data to ChatGPT. You can further modify the DLP rule to enforce your organization’s data security standards. The DLP rule has an identical name as the data profile from which it was automatically created.You can keepFile Based Matched Criteriaenabled or disable as needed. Enabling this setting has no impact on detection of egress traffic to ChatGPT as long asNon-File Based Match Criteriais enabled.
- Modify theActionandLog Severity.
- Modify the rest of the DLP rule as needed.
- Save.
- Selectto create a Security policy rule recommendation.ManageConfigurationSecurity ServicesSaaS SecurityDiscovered AppsPolicy RecommendationsA SaaS policy rule recommendation is required to leverage theEnterprise Data Loss Prevention (E-DLP)data profile in SaaS Security.
- In the Select Applications section, search for and selectChatGPT.
- In the Data Profile section, search for and select the data profile you enabled in the previous step.
- Configure the policy rule recommendation as needed.
- Save.