: Create a Security Policy Rule for ChatGPT on SaaS Security
Focus
Focus

Create a Security Policy Rule for ChatGPT on SaaS Security

Table of Contents

Create a Security Policy Rule for ChatGPT on SaaS Security

Create a security policy rule to prevent exfiltration of sensitive data to ChatGPT for SaaS Security on
Cloud Management
.
Use
Enterprise Data Loss Prevention (E-DLP)
for
Prisma Access (Cloud Management)
on
Cloud Management
to prevent exfiltration of sensitive data to ChatGPT in a new or existing Security policy rule.
If you would rather block access to ChatGPT on your network, you can do so from the SaaS Security Applications dashboard (
Manage
Configuration
Security Services
SaaS Application Management
Discovered Apps
Applications
). Using the Saas Security Application dashboard to
Block Access
allows you to quickly generate a policy rule recommendation, rather than manually creating one on your own.
Support for non-file based HTTP/2 traffic inspection is required to successfully prevent exfiltration to ChatGPT. Your
Cloud Management
tenant must be running Software Version 10.2.3 or later release.
  1. Select
    Manage
    Configuration
    Security Services
    Data Loss Prevention
    Settings
    Data Transfer
    and Enable Non-File Inspection.
  2. Select
    Manage
    Configuration
    Security Services
    Decryption
    and create the decryption profile and policy rule required to enable .
    Do not enable
    Strip ALPN
    in the decryption profile. Enterprise DLP cannot inspect egress traffic to ChatGPT if you remove application-layer protocol negotiation (ALPN) headers from decrypted traffic.
  3. Create a custom regex data pattern to define your own match criteria. You can skip this step if you plan to use predefined or existing data patterns to define match criteria in your data filtering profile.
  4. Select
    Manage
    Configuration
    Security Services
    Data Loss Prevention
    DLP Rules
    and in the Actions column,
    Edit
    the DLP rule.
    1. Enable
      Non-File Based Match Criteria
      .
      DLP rules configured for non-file detection are required to prevent exfiltration of sensitive data to ChatGPT. You can further modify the DLP rule to enforce your organization’s data security standards. The DLP rule has an identical name as the data profile from which it was automatically created.
      You can keep
      File Based Matched Criteria
      enabled or disable as needed. Enabling this setting has no impact on detection of egress traffic to ChatGPT as long as
      Non-File Based Match Criteria
      is enabled.
    2. Modify the
      Action
      and
      Log Severity
      .
    3. Modify the rest of the DLP rule as needed.
    4. Save
      .
  5. Select
    Manage
    Configuration
    Security Services
    SaaS Security
    Discovered Apps
    Policy Recommendations
    to create a Security policy rule recommendation.
    A SaaS policy rule recommendation is required to leverage the
    Enterprise Data Loss Prevention (E-DLP)
    data profile in SaaS Security.
    1. In the Select Applications section, search for and select
      ChatGPT
      .
    2. In the Data Profile section, search for and select the data profile you enabled in the previous step.
    3. Configure the policy rule recommendation as needed.
    4. Save
      .

Recommended For You