View Enterprise DLP Log Details on Panorama
Table of Contents
Expand all | Collapse all
-
- Register and Activate Enterprise DLP on Prisma Access (Panorama Managed)
- Edit the Enterprise DLP Snippet Settings on the DLP App
- Enable Role Based Access to Enterprise DLP on Cloud Management
- Enable Optical Character Recognition on Cloud Management
- Enable Optical Character Recognition for Enterprise DLP
-
-
- Create a Data Profile on the DLP App
- Create a Data Profile with EDM Data Sets on the DLP App
- Create a Data Profile with Data Patterns and EDM Data Sets on the DLP App
- Create a Data Profile with Nested Data Profiles on the DLP App
- Create a Data Profile on Cloud Management
- Create a Data Profile with EDM Data Sets on Cloud Management
- Create a Data Profile with Data Patterns and EDM Data Sets on Cloud Management
- Create a Data Profile with Nested Data Profiles on Cloud Management
- Create a Data Filtering Profile on Panorama
- Create a Data Filtering Profile on Panorama for Non-File Detection
- Update a Data Profile on the DLP App
- Update a Data Profile on Cloud Management
- Update a Data Filtering Profile on Panorama
- Enable Existing Data Patterns and Filtering Profiles
-
- How Does Email DLP Work?
- Activate Email DLP
- Add an Enterprise DLP Email Policy
- Review Email DLP Incidents
-
- Monitor DLP Status with the DLP Health and Telemetry App
- View Enterprise DLP Log Details on the DLP App
- Manage Enterprise DLP Incidents on the DLP App
- View Enterprise DLP Audit Logs on the DLP App
- View Enterprise DLP Log Details on Cloud Management
- Manage Enterprise DLP Incidents on Cloud Management
- View Enterprise DLP Audit Logs on Cloud Management
- View Enterprise DLP Log Details on Panorama
View Enterprise DLP Log Details on Panorama
View the log details for traffic that matches your data filtering profiles on firewalls
that are using
Enterprise Data Loss Prevention (E-DLP)
on the Panorama™ management server.When a managed firewall detects sensitive content during a file upload and you created an Alert
or Block action for that type of content, the firewall generates a data filtering
log. You can then filter and view the detailed log data for the detected traffic,
such as policy rule information, the source and destination of the traffic, and the
data profile with which the data pattern is associated. Additionally, the detailed
log view displays the specific data pattern that the traffic matched and also
displays the total number of unique and total occurrences of those data pattern
matches. You can view the detailed logs only on the Panorama management server or
on Prisma Access (Panorama
Managed).
When the managed firewall detects sensitive content during a file upload and you have created an
Alert or Block action, the firewall generates a log. You can then view this
sensitive content, called a
snippet
, from the data filtering logs. A snippet
is evidence or identifiable information associated with a pattern match. For
example, if you specified a data pattern of Credit Card Number, the managed firewall
returns the credit card number of the user as the snippet that was matched. By
default, the managed firewall returns snippets.The managed firewall uses
data masking
to mask the data in the snippets. By default, the
data filtering log displays the last four digits of the value in cleartext (partial
masking). For example, data filtering log displays a snippet of a credit card number
as XXXX-XXXX-XXXX-1234
. You can also specify the data
to be completely displayed in clear text or to fully mask the data and hide all
values. Snippets
are available for regular expression (regex)-based patterns only.
- SelectandMonitorLogsData FilteringFilterthe data filtering logs by entering( subtype eq dlp ).
- View more details about the file including file snippets.
- Click
to the left of the specific log entry for which you want to view more details.
- SelectDLPto view the pattern details.
- Show Snippetto view a snippet of the data that matched the specific data pattern.For data profiles with nested data profiles created on the DLP app or Cloud Management, the data profile displayed is the specific nested data profile that matched the scanned traffic. For example, you create aDataProfile, with the nested profilesProfile1,Profile2, andProfile3and scanned traffic matches the nestedProfile2and is blocked. In this scenario, the data profile displayed for the incident isProfile2.
- Review the masked snippet to understand what data was detected.