Enterprise DLP Administrator’s Guide
    : Create a Security Policy Rule for ChatGPT on SaaS Security
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Enterprise DLP Administrator’s Guide
    4. Configure Enterprise DLP
    5. Enterprise DLP and AI Apps
    6. Create a Security Policy Rule for ChatGPT
    7. Create a Security Policy Rule for ChatGPT on SaaS Security
    Download PDF

    Enterprise DLP Administrator’s Guide

    Create a Security Policy Rule for ChatGPT on SaaS Security

    Table of Contents

    Create a Security Policy Rule for ChatGPT on SaaS Security

    Create a security policy rule to prevent exfiltration of sensitive data to ChatGPT for SaaS Security on
    Cloud Management
    .
    Use
    Enterprise Data Loss Prevention (E-DLP)
     for
    Prisma Access (Cloud Management)
     on
    Cloud Management
     to prevent exfiltration of sensitive data to ChatGPT in a new or existing Security policy rule.
    If you would rather block access to ChatGPT on your network, you can do so from the SaaS Security Applications dashboard (
    Manage
    Configuration
    Security Services
    SaaS Application Management
    Discovered Apps
    Applications
    ). Using the Saas Security Application dashboard to
    Block Access
     allows you to quickly generate a policy rule recommendation, rather than manually creating one on your own.
    Support for non-file based HTTP/2 traffic inspection is required to successfully prevent exfiltration to ChatGPT. Your
    Cloud Management
     tenant must be running Software Version 10.2.3 or later release.
    2. Select
      Manage
      Configuration
      Security Services
      Data Loss Prevention
      Settings
      Data Transfer
       and Enable Non-File Inspection.
    3. Select
      Manage
      Configuration
      Security Services
      Decryption
       and create the decryption profile and policy rule required to enable .
      Do not enable
      Strip ALPN
       in the decryption profile. Enterprise DLP cannot inspect egress traffic to ChatGPT if you remove application-layer protocol negotiation (ALPN) headers from decrypted traffic.
    4. Create a custom regex data pattern to define your own match criteria. You can skip this step if you plan to use predefined or existing data patterns to define match criteria in your data filtering profile.
    6. Select
      Manage
      Configuration
      Security Services
      Data Loss Prevention
      DLP Rules
       and in the Actions column,
      Edit
       the DLP rule.
      1. Enable
        Non-File Based Match Criteria
        .
        DLP rules configured for non-file detection are required to prevent exfiltration of sensitive data to ChatGPT. You can further modify the DLP rule to enforce your organization’s data security standards. The DLP rule has an identical name as the data profile from which it was automatically created.
        You can keep
        File Based Matched Criteria
         enabled or disable as needed. Enabling this setting has no impact on detection of egress traffic to ChatGPT as long as
        Non-File Based Match Criteria
         is enabled.
      2. Modify the
        Action
         and
        Log Severity
        .
      3. Modify the rest of the DLP rule as needed.
      4. Save
        .
    7. Select
      Manage
      Configuration
      Security Services
      SaaS Security
      Discovered Apps
      Policy Recommendations
       to create a Security policy rule recommendation.
      A SaaS policy rule recommendation is required to leverage the
      Enterprise Data Loss Prevention (E-DLP)
       data profile in SaaS Security.
      1. In the Select Applications section, search for and select
        ChatGPT
        .
      2. In the Data Profile section, search for and select the data profile you enabled in the previous step.
      3. Configure the policy rule recommendation as needed.
      4. Save
        .

    Recommended For You

    © 2023 Palo Alto Networks, Inc. All rights reserved.