>
    Strata Copilot
    Edit the Structured Data Settings
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Edit the Structured Data Settings
    Download PDF
    Enterprise DLP

    Edit the Structured Data Settings

    Table of Contents

    Edit the Structured Data Settings

    Configure the Enterprise Data Loss Prevention (E-DLP) structured data settings to control clustering behavior for structured data detection.
    On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.
    You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Panorama or Strata Cloud Manager)
    • Prisma Access (Managed by Panorama or Strata Cloud Manager)
    • Prisma Browser
    • Enterprise Data Loss Prevention (E-DLP) license
      Review the Supported Platforms for details on the required license for each enforcement point.
    Or any of the following licenses that include the Enterprise DLP license
    • Prisma Access CASB license
    • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
    • Data Security license
    Enterprise Data Loss Prevention (E-DLP) uses clustering to detect sensitive data in structured documents such as spreadsheets and CSV files. Clustering groups instances of sensitive data that are close to each other and elevates a detection to High Confidence when six or more detections of the same type appear in a row or column, even without a proximity keyword in a header row. This enables Enterprise DLP to identify sensitive data in structured documents that don't have header rows with column names due to error or malicious intent.
    However, if the underlying data pattern itself produces false positives, clustering can amplify those inaccuracies across an entire column. Clustering can also produce incorrect results when a single column contains values of multiple data types. Configure the structured data settings to control clustering behavior for your Enterprise DLP tenant and reduce false positives in structured data detection.
    1. Log in to Strata Cloud Manager.
    2. Select ConfigurationData Loss PreventionSettingsStructured Data.
    3. Enable or disable Header Prediction.
      When the header row is missing from structured data, Enterprise DLP automatically assigns one if it detects a strong pattern of similar data (such as credit card numbers) in the column. This enables Enterprise DLP to apply proximity keyword logic and elevate detections to High Confidence even when the original document lacks a header row.
    4. Enable or disable Enforce Data Uniformity.
      When enabled, Enterprise DLP attempts to predict the header only when the percentage of similar values in a column exceeds the configured Minimum Required Data Uniformity threshold. This prevents false positive header predictions in columns that contain mixed data types.
    5. (Optional) If you enabled data uniformity enforcement, configure the Minimum Required Data Uniformity percentage (default is 85%).
      The minimum required data uniformity threshold defines the minimum percentage of similar values required in a column before Enterprise DLP predicts a header for that column.
      Palo Alto Networks recommends using the default percentage to minimize false positive detections and maximize true positive detections. Modifying the Minimum Required Data Uniformity threshold does the following:
      • Increasing the threshold requires a higher percentage of similar values in the column before Enterprise DLP predicts a header. This can further reduce false positive detections but might prevent some detections from being elevated to High Confidence in columns with some variation in data.
      • Decreasing the threshold allows Enterprise DLP to predict a header even when the column contains more non-matching values. This increases detection coverage but might produce more false positive detections.
    6. Save your structured data settings.

    © 2026 Palo Alto Networks, Inc. All rights reserved.