Download Files for Evidence Analysis

Download files that match your Enterprise Data Loss Prevention (E-DLP) data profiles for investigative analysis.

Where Can I Use This?
  • Panorama
  • Strata Cloud Manager

What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
  • (SaaS Security only) SaaS Security license
  • (Panorama) Device management license
  • (Panorama) Support license
  • (Strata Cloud Manager) Prisma Access license
  • (Strata Cloud Manager) AIOps for NGFW Premium license
  • (Strata Cloud Manager) AIOps for NGFW Free license

After you successfully connect your AWS storage bucket, Azure storage bucket, or SFTP server to Enterprise Data Loss Prevention (E-DLP) to store files that match your Enterprise DLP data profiles, you can download any files scanned by the DLP cloud service to your local device for in-depth investigation.

Files scanned by the DLP cloud service while Enterprise DLP is disconnected from your cloud storage bucket aren’t stored in your cloud storage. This means that none of the impacted files are available for download. However, all snippet data is preserved and can still be viewed in Enterprise DLP.

Strata Cloud Manager

Download files that match your Enterprise Data Loss Prevention (E-DLP) data profiles for Prisma Access (Cloud Management) and SaaS Security on Strata Cloud Manager.
  1. Connect your AWS storage bucket, Azure storage bucket, or SFTP server to Enterprise DLP if not already connected.
    The only files available to download are those scanned by the DLP cloud service after you successfully connected Enterprise DLP to your cloud storage bucket.
  2. (AWS and Azure only) Log in to the Amazon AWS console or Microsoft Azure portal and access the cloud storage you connected to Strata Cloud Manager. Select Reports and enter a Report ID to Search.
    The object Name is the Report ID.
  3. Log in to Strata Cloud Manager.
  4. In the Cloud Management Console, select Activity > Logs > DLP Incidents and search for the Report ID.
  5. Review the report summary and click the download button to download the file to your device.
    Whether the stored file is downloaded directly to your local device depends on the storage bucket you connected to Enterprise DLP.
    • AWS and Azure: The file associated with the particular Report ID is downloaded locally to your device.
    • SFTP Server: Cloud Management displays the folder path of the location the file was uploaded to on your SFTP server. You must access your SFTP server to download the file to your local device.

Panorama

Download files that match your Enterprise Data Loss Prevention (E-DLP) data filtering profiles on the Panorama™ management server and Prisma Access (Panorama Managed).
  1. Connect your AWS storage bucket, Azure storage bucket, or SFTP server to Enterprise DLP if not already connected.
    The only files available to download are those scanned by the DLP cloud service after you successfully connected Enterprise DLP to your cloud storage.
  2. (AWS and Azure only) Obtain the Report ID for the file you want to download by doing one of the following:
    • Log in to the Amazon AWS console or Microsoft Azure portal and access the storage bucket you connected to Enterprise DLP. Select Reports and enter a Report ID to Search.
      The object Name is the Report ID.
    • Log in to the Panorama web interface, select Monitor > Logs > Data Filtering, and Filter the data filtering logs by entering ( subtype eq dlp ). Locate the Report ID column to obtain the Report ID for the report you want to download.
  3. Log in to the DLP app on the hub.
    If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
  4. Select Reports and enter a Report ID to Search.
  5. Review the report summary and click the download button to download the file to your device.
    Whether the stored file is downloaded directly to your local device depends on the storage bucket you connected to Enterprise DLP.
    • AWS and Azure: The file associated with the particular Report ID is downloaded locally to your device.
    • SFTP Server: Enterprise DLP displays the folder path of the location the file was uploaded to on your SFTP server. Access your SFTP server to download the file to your local device.
