View Enterprise DLP Log Details on Panorama

On the Panorama™ management server, view the log details for traffic that matches your data filtering profiles on firewalls that use Enterprise Data Loss Prevention (E-DLP).
When a managed firewall detects sensitive content during a file upload and you created an Alert or Block action for that type of content, the firewall generates a data filtering log. You can then filter and view the detailed log data for the detected traffic, such as policy rule information, the source and destination of the traffic, and the data profile with which the data pattern is associated. Additionally, the detailed log view displays the specific data pattern that the traffic matched, along with the number of unique occurrences and the total number of occurrences of those data pattern matches. You can view the detailed logs only on the Panorama management server or on Prisma Access (Panorama Managed).
When the managed firewall detects sensitive content during a file upload and you have created an Alert or Block action, the firewall generates a log. You can then view this sensitive content, called a snippet, from the data filtering logs. A snippet is evidence or identifiable information associated with a pattern match. For example, if you specified a data pattern of Credit Card Number, the managed firewall returns the credit card number of the user as the snippet that was matched. By default, the managed firewall returns snippets.
The managed firewall uses data masking to mask the data in the snippets. By default, the data filtering log displays the last four digits of the value in cleartext (partial masking). For example, the data filtering log displays a snippet of a credit card number as XXXX-XXXX-XXXX-1234. You can also specify that the data be displayed completely in cleartext, or that it be fully masked so that all values are hidden.
Snippets are available for regular expression (regex)-based patterns only.
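The three masking modes and the total and unique occurrence counts described above, as an added illustration that is not Palo Alto Networks code. The regex, function names, and sample text are constructed for this example, and counting unique matches by their digits alone is an assumption.

```python
import re

# Constructed pattern for illustration (16 digits in groups of four, optional
# '-' or ' ' separators); it is not an Enterprise DLP predefined pattern.
CARD_RE = re.compile(r"\b\d{4}(?:[- ]?\d{4}){3}\b")


def mask_snippet(value, mode="partial", keep=4, mask_char="X"):
    """Mask the digits of a matched value; separators are left in place.

    partial: only the last `keep` digits stay in cleartext
    full:    every digit is masked
    clear:   the value is returned unchanged
    """
    if mode not in ("partial", "full", "clear"):
        raise ValueError(f"unknown masking mode: {mode!r}")
    if mode == "clear":
        return value
    total = sum(ch.isdigit() for ch in value)
    # Values too short to hide anything under partial masking are fully masked.
    first_clear = total - keep if mode == "partial" and total > keep else total
    out, seen = [], 0
    for ch in value:
        if ch.isdigit():
            out.append(ch if seen >= first_clear else mask_char)
            seen += 1
        else:
            out.append(ch)
    return "".join(out)


def summarize_matches(text, mode="partial"):
    """Return (masked snippets, total occurrences, unique occurrences)."""
    matches = CARD_RE.findall(text)
    # Assumption: the same number written with different separators is one
    # unique occurrence, so uniqueness is decided on the digits alone.
    unique = {re.sub(r"\D", "", m) for m in matches}
    return [mask_snippet(m, mode) for m in matches], len(matches), len(unique)


# Constructed sample upload content; the card numbers are made up.
SAMPLE = ("order 1: 4111-1111-1111-1234\n"
          "order 2: 4111 1111 1111 1234\n"
          "order 3: 5500-0000-0000-0004\n")

if __name__ == "__main__":
    for mode in ("partial", "full", "clear"):
        print(mode, summarize_matches(SAMPLE, mode))
```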
  1. Select Monitor > Logs > Data Filtering and Filter the data filtering logs by entering ( subtype eq dlp ).
  2. View more details about the file including file snippets.
    1. Click to the left of the specific log entry for which you want to view more details.
    2. Select DLP to view the pattern details.
    3. Show Snippet to view a snippet of the data that matched the specific data pattern.
      For data profiles with nested data profiles created on the DLP app or Cloud Management, the data profile displayed is the specific nested data profile that matched the scanned traffic. For example, you create a DataProfile with the nested profiles Profile1, Profile2, and Profile3, and scanned traffic matches the nested Profile2 and is blocked. In this scenario, the data profile displayed for the incident is Profile2.
    4. Review the masked snippet to understand what data was detected.
