Enterprise DLP
What’s Supported with Enterprise DLP?
Learn about the supported applications and operational parameters for Enterprise Data Loss Prevention (E-DLP).
Where Can I Use This? | What Do I Need? |
---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
Learn about the products that support Enterprise Data Loss Prevention (E-DLP) and its features:
- Platform Support
- Applications
- GenAI Applications
- File Types
- Encoding Schemas
- Detection Methods
- Features
- Double Byte Characters
- Non-File Based Traffic
Platform Support
Platforms supported by Enterprise Data Loss Prevention (E-DLP).
Enterprise Data Loss Prevention (E-DLP) is supported on the following platforms. Enterprise DLP
data patterns and data filtering profiles are designed to work across all supported
platforms to provide consistent data security across all locations. Review the minimum
versions and licenses required for each.
Enterprise DLP supports multitenancy on the Panorama™ management server with the
following restrictions:
- A Superuser must commit all changes to Panorama whenever they make changes to patterns and profiles.
- All tenants share a single copy of pattern and profile configurations; therefore, any changes done to them are reflected across all tenants.
- Since Security policy rules can be different across tenants, each tenant can have different data profiles associated with Security policy rules.
NGFW and VM-Series (Managed by Panorama)
- NGFW PAN-OS Version—PAN-OS 10.0.2 or a later version. PA-410 firewalls are not supported.
- To successfully use Enterprise DLP, you must configure your Security policy rule and Security Profile Group on Panorama and push these configurations to your managed firewalls. Enterprise DLP doesn’t support pushing an Enterprise DLP data filtering profile to your managed firewall and referencing the data filtering profile in a Security policy rule or Security Profile Group created locally on the firewall.
- Apps & Threats Content Update Version—Application and Threats content release version 8334 or a later version. Upgrade to PAN-OS 10.0.3 and install Application and Threats content release version 8413 or a later version for additional application support.
- Licenses—Support licenses (NGFW and Panorama) and a Panorama device management license.
Prisma Access (Managed by Panorama)
- Prisma Access Version—Prisma Access 2.0 Innovation or a later version.
- To successfully use Enterprise DLP, you must configure your Security policy rule and Security Profile Group on Panorama and push these configurations to your managed firewalls. Enterprise DLP doesn’t support pushing an Enterprise DLP data filtering profile to your managed firewall and referencing the data filtering profile in a Security policy rule or Security Profile Group created locally on the firewall.
- Apps & Threats Content Update Version—Application and Threats content release version 8334 or a later version. Install Application and Threats content release version 8413 or a later version for additional application support.
- Licenses—Prisma Access license, Strata Logging Service license, and Panorama support license.
NGFW (Managed by Strata Cloud Manager)
- NGFW PAN-OS Version—PAN-OS 10.2.3 or a later version.
- Apps & Threats Content Update Version—Application and Threats content release version 8614 or a later version.
- Licenses—NGFW support license and an AIOps for NGFW Premium license.
Prisma Access (Managed by Strata Cloud Manager)
- Enterprise DLP is supported on Strata Cloud Manager when using Prisma Access (Managed by Strata Cloud Manager), SaaS Security, or both.
- Enterprise DLP is supported on PA-Series firewalls managed by Strata Cloud Manager.
- DLP is an add-on license on Strata Cloud Manager when using Strata Cloud Manager from a Single Prisma SASE Platform or Multitenant Prisma SASE Platform. Enterprise DLP is included by default and doesn’t require a separate license when using Strata Cloud Manager from the CASB-X Platform.
- Important: Install Panorama plugin for Enterprise DLP 1.0.6 or later release if you’re using Enterprise DLP on Strata Cloud Manager and managing the Enterprise DLP configuration from Panorama for Palo Alto Networks Next-Generation Firewalls (NGFW) and Prisma Access (Managed by Panorama). This is required to ensure Enterprise DLP configurations are successfully synchronized across all your security platforms. DLP policy enforcement on Strata Cloud Manager is supported when using Panorama to manage your Enterprise DLP configuration.
Applications
Applications supported by Enterprise Data Loss Prevention (E-DLP).
The following table displays the supported web applications and operational
parameters that you can use with Enterprise Data Loss Prevention (E-DLP). See the Supported File Types
for more information on which file types Enterprise DLP can inspect and render a
verdict on across all applications. Refer to the Palo
Alto Networks Applipedia for more information on each application App-ID.
Some application support might have a Minimum Version Requirement.
The minimum version requirement to support inspection of an application might require a
minimum PAN-OS version or an Apps & Threats content release version installed.
Some Enterprise DLP functionality is dependent on a PAN-OS release.
- Any application that supports the Non-File Inspection Inspection Type requires PAN-OS 10.2.3 or later PAN-OS release.
- Any application that supports a Max File Size larger than 20 MB requires PAN-OS 10.2.4 or later PAN-OS 10.2 release, or PAN-OS 11.0.2 or later release.
- Any application that supports the Download Direction requires PAN-OS 10.2.4 or later PAN-OS 10.2 release, or PAN-OS 11.0.2 or later release.
- To upgrade Panorama or Strata Cloud Manager:
  - For Panorama, upgrade Panorama and managed firewalls to the Minimum Version Requirement or later release.
  - For Prisma Access (Managed by Panorama), you must upgrade Panorama to the Minimum Version Requirement and ensure your Prisma Access tenants are running the Minimum Version Requirement or later release.
  - For Cloud Management, a PAN-OS software upgrade in the Strata Cloud Manager infrastructure to the Minimum Version Requirement or later release is required. You can view the Software Version in the Strata Cloud Manager Overview.
  - Review the Compatibility Matrix for the minimum plugin versions required for your target upgrade version.
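The PAN-OS rules above are stated per release train, so a plain "newer than 10.2.4" comparison wrongly accepts 11.0.0 and 11.0.1. The following added example (not Palo Alto Networks code) encodes the three rules and reports which of a few rows copied from this page's Applications table lose coverage on a given PAN-OS version. Treating release trains newer than 11.0 as qualifying is an assumption, and content-release minimums are not checked.

```python
import re

# PAN-OS version strings look like "10.2.4" or "10.2.4-h2" (hotfix suffix).
_PANOS = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h\d+)?$")

# Minimum maintenance release per release train, taken from the list above.
NON_FILE_MIN = {(10, 2): 3}                 # "PAN-OS 10.2.3 or later PAN-OS release"
LARGE_FILE_MIN = {(10, 2): 4, (11, 0): 2}   # Max File Size larger than 20 MB
DOWNLOAD_MIN = {(10, 2): 4, (11, 0): 2}     # Download direction


def parse_panos(version):
    """Split a version string into ((major, minor), maintenance)."""
    m = _PANOS.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version: {version!r}")
    major, minor, maint = (int(g) for g in m.groups())
    return (major, minor), maint


def meets(version, minimums):
    """True if version satisfies a per-train minimum table."""
    train, maint = parse_panos(version)
    if train in minimums:
        return maint >= minimums[train]
    # Assumption: a train newer than every listed train qualifies;
    # an older train never does.
    return train > max(minimums)


def dlp_capabilities(version):
    return {
        "non_file": meets(version, NON_FILE_MIN),
        "large_file": meets(version, LARGE_FILE_MIN),
        "download": meets(version, DOWNLOAD_MIN),
    }


# Rows copied from the Applications table on this page:
# (application, inspection types, directions, largest Max File Size in MB or None for N/A)
SAMPLE_ROWS = [
    ("Box Web", {"file"}, {"upload", "download"}, 100),
    ("Evernote Web", {"non_file"}, {"upload"}, None),
    ("Asana Web", {"file"}, {"upload"}, 20),
    ("Jira Web", {"file", "non_file"}, {"download"}, 100),
]


def coverage_gaps(version, rows=SAMPLE_ROWS):
    """Map each application to the capabilities this PAN-OS version cannot provide."""
    caps = dlp_capabilities(version)
    gaps = {}
    for app, types, directions, max_mb in rows:
        missing = []
        if "non_file" in types and not caps["non_file"]:
            missing.append("non-file inspection")
        if "download" in directions and not caps["download"]:
            missing.append("download direction")
        if max_mb is not None and max_mb > 20 and not caps["large_file"]:
            missing.append("files over 20 MB")
        if missing:
            gaps[app] = missing
    return gaps


if __name__ == "__main__":
    for v in ("10.1.9", "10.2.3", "10.2.4-h2", "11.0.1", "11.0.2"):
        print(v, coverage_gaps(v))
```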
To use Gmail with Enterprise DLP, you must disable the Quick UDP Internet Connection (QUIC) protocol.
Palo Alto Networks recommends that you disable QUIC in Chrome. To do so, open
chrome://flags/ in Chrome, find Experimental QUIC Protocol, and select Disabled.
| Application | App-ID | Inspection Type (File and Non-File) | Direction | Max File Size | Minimum Version Requirement |
|---|---|---|---|---|---|
| AirTable | airtable | Non-File Inspection | N/A | N/A | 10.2.3 |
| Amazon Cloud Drive Web | amazon-cloud-drive | File Inspection | Upload | 20 MB | None |
| Amazon S3 REST API | web-browsing | File Inspection | Upload | 20 MB | None |
| Apple iCloud Web | icloud | File Inspection | Upload | 20 MB | None |
| Asana Web | asana | File Inspection | Upload | 20 MB | None |
| Basecamp Web | basecamp | File Inspection | Upload | 20 MB | None |
| Bitrix24 Web | bitrix24 | File Inspection | Upload | 20 MB | None |
| Blackboard Web | blackboard | File Inspection | Upload | 20 MB | None |
| Blogs (e.g., WordPress, Medium) | blog-posting | File Inspection<br>Non-File Inspection | Upload | 20 MB | None |
| Box Desktop | boxnet | File Inspection | Upload<br>Download | 20 MB (Upload)<br>100 MB (Download) | Version 8413 |
| Box Web | boxnet | File Inspection | Upload<br>Download | 100 MB | Version 8413 |
| Canvas Web | canvas | File Inspection | Upload | 20 MB | None |
| Confluence Web | confluence-base<br>web-browsing | Non-File Inspection | Upload | N/A | 10.2.3 |
| DocSend Web | docsend | File Inspection | Upload | 20 MB | None |
| Dropbox Web | dropbox | File Inspection | Upload | 100 MB | 11.1.0 |
| Egnyte Web | egnyte | File Inspection | Upload | 20 MB | None |
| Evernote Web | evernote | Non-File Inspection | Upload | N/A | 10.2.3 |
| Facebook Messenger Web | facebook-chat | File Inspection | Upload<br>Download | 25 MB | None |
| Facebook Web<br>Images only | facebook-uploading | File Inspection | Upload | 10 MB | 10.2.3 |
| FilesAnywhere Web | filesanywhere | File Inspection | Upload | 20 MB | None |
| Freshdesk Web | freshdesk | File Inspection | Upload | 20 MB | None |
| GitHub Web | github | File Inspection | Upload | 20 MB | Version 8413 |
| Gitlab - Web-based File Attachment and Standard Traffic | gitlab | File Inspection<br>Non-File Inspection | Upload | 100 MB | Version 8413 |
| Glassdoor Web | web-browsing | Non-File Inspection | Upload | N/A | 10.2.3 |
| Gmail Web - Mail Attachments | gmail | File Inspection<br>Non-File Inspection | Upload | 100 MB | Version 8413 |
| Google Chat Web | google-chat | Non-File Inspection | Upload | N/A | 10.2.3 |
| Google Cloud Platform | google-cloud-storage-base | File Inspection | Upload<br>Download | 100 MB | None |
| Google Docs Web | google-docs-editing | Non-File Inspection | Upload | N/A | 10.2.3 |
| Google Drive Web | google-base<br>google-docs | File Inspection | Upload | 100 MB | 10.2.4 |
| Google Forms Web | google-docs-editing | Non-File Inspection | Upload | N/A | 10.2.3 |
| Google Meet Web | google-meet | Non-File Inspection | Upload | N/A | 10.2.3<br>Version 8726-8134 |
| Google Photos Web | google-photos | File Inspection | Upload | 10 MB | 10.2.3<br>Version 8745-8229 |
| Google Sheets Web | google-docs-editing | Non-File Inspection | Upload | N/A | 10.2.3 |
| Google Slides Web | google-docs-editing | Non-File Inspection | Upload | N/A | 10.2.3 |
| Grammarly | grammarly | File Inspection | Upload | 4 MB | 10.2.3 |
| GSuite (Export via link) | google-base | File Inspection | Download | 25 MB | 10.2.4<br>Version 8684-7912 |
| Hubspot Web | hubspot | File Inspection | Upload | 20 MB | None |
| Jira Web | jira | File Inspection<br>Non-File Inspection | Download | 100 MB | (Download and Large File) 10.2.4 |
| LinkedIn Web | linkedin | File Inspection<br>Non-File Inspection | Upload<br>Download | 20 MB (Upload)<br>25 MB (Download) | (Non-File) 10.2.3<br>(Download) 10.2.4<br>Version 8739-17204 |
| MailChimp | mailchimp | Non-File Inspection | N/A | N/A | 10.2.3 |
| Mendeley Web | mendeley | File Inspection | Upload | 20 MB | None |
| Microsoft Azure Storage | windows-azure | File Inspection | Download | 100 MB | 10.2.4 or 11.0.2<br>Version 8742-8215 |
| Microsoft Excel Desktop | web-browsing | File Inspection<br>Non-File Inspection | Download | 26 MB | 10.2.4 |
| Microsoft Excel Web | web-browsing | File Inspection<br>Non-File Inspection | Upload<br>Download | 20 MB (Upload)<br>26 MB (Download) | 10.2.4 |
| Microsoft OneDrive Desktop - Business | office365-enterprise-access<br>sharepoint-online | File Inspection | Download | 100 MB | 10.2.4<br>Version 8684-7912 |
| Microsoft OneDrive Desktop - Personal | ms-onedrive | File Inspection | Upload | 100 MB | 10.2.4<br>Version 8684-7912 |
| Microsoft OneDrive Web - Business | office365-enterprise-access<br>sharepoint-online | File Inspection | Upload | 100 MB | 10.2.4<br>(Large file) 11.1.0 |
| Microsoft OneDrive Web - Personal | ms-onedrive | File Inspection | Upload | 100 MB | 10.2.4 |
| Microsoft OneNote Web | ms-onenote | File Inspection<br>Non-File Inspection | Upload<br>Download | 20 MB | Version 8413 |
| Microsoft Outlook Web - Mail Attachments | ms-office365 | File Inspection | Upload | 100 MB | Version 8673-7845<br>(Large file) 11.1.0 |
| Microsoft Power BI Web | web-browsing | File Inspection<br>Non-File Inspection | Upload | 100 MB | None |
| Microsoft PowerPoint Desktop | ms-powerpoint-online | File Inspection<br>Non-File Inspection | Download | 100 MB | 10.2.4 |
| Microsoft PowerPoint Web | ms-powerpoint-online | File Inspection<br>Non-File Inspection | Download | 100 MB | 10.2.4 |
| Microsoft SharePoint Desktop | office365-enterprise-access<br>sharepoint-online | File Inspection<br>Non-File Inspection | Upload<br>Download | 100 MB | None |
| Microsoft SharePoint Web | office365-enterprise-access<br>sharepoint-online | File Inspection<br>Non-File Inspection | Upload<br>Download | 100 MB | None |
| Microsoft Teams Desktop - Business | ms-office365<br>ms-teams | File Inspection<br>Non-File Inspection | Upload<br>Download | 10 MB (Upload)<br>100 MB (Download) | 10.2.3 |
| Microsoft Teams Desktop - Personal | ms-office365<br>ms-teams | Non-File Inspection | N/A | N/A | 10.2.3 |
| Microsoft Teams Web - Business | ms-office365<br>ms-teams | File Inspection<br>Non-File Inspection | Upload<br>Download | 10 MB (Upload)<br>100 MB (Download) | Version 8742-8215<br>Large File—PAN-OS 10.2.4 and later or 11.0.2 or later<br>Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later |
| Microsoft Teams Web - Personal | ms-office365<br>ms-teams | File Inspection<br>Non-File Inspection | Upload<br>Download | 100 MB | Version 8742-8215<br>Large File—PAN-OS 10.2.4 and later or 11.0.2 or later<br>Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later |
| Microsoft Word Desktop | ms-office365 | Non-File Inspection | N/A | N/A | 10.2.3 |
| Microsoft Word Web | ms-office365 | Non-File Inspection | N/A | N/A | 10.2.3 |
| Miro Web | realtimeboard | File Inspection | Upload | 30 MB | 10.2.3<br>Version 8756-8298 |
| Monday.com Web | monday | File Inspection | Upload | 20 MB | None |
| Naver Mail Web | naver-mail | File Inspection | Upload<br>Download | 100 MB | None |
| Naverworks | web-browsing | File Inspection | Upload | 20 MB | Version 8711-8058 |
| Pastebin Web | pastebin | Non-File Inspection | N/A | N/A | 10.2.3 |
| Pinterest | pinterest | Non-File Inspection | Upload<br>Download | N/A | N/A |
| Prezi Web | prezi | File Inspection | Upload | 20 MB | None |
| Quip | quip | File Inspection | Upload<br>Download | 100 MB | Version 8735-8187 |
| Quora | quora | Non-File Inspection | N/A | N/A | None |
| Reddit | reddit | File Inspection<br>Non-File Inspection | Upload | 20 MB | None |
| Salesforce Web | salesforce | File Inspection | Upload<br>Download | 100 MB | Version 8413 |
| ServiceNow Web | service-now | File Inspection<br>Non-File Inspection | Upload<br>Download | 100 MB | Version 8413 |
| Slack Desktop | slack | File Inspection<br>Non-File Inspection | Upload<br>Download | 100 MB | Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later |
| Slack Web | slack | File Inspection<br>Non-File Inspection | Upload<br>Download | 100 MB | Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later |
| Smartsheet Web | smartsheet-web | Non-File Inspection | Upload | N/A | 10.2.3 or 11.0.0 |
| Splunk Web | web-browsing<br>splunk | File Inspection | Upload | 100 MB | None |
| Syncplicity Web | syncplicity | File Inspection | Upload | 20 MB | None |
| Trello Web | trello | File Inspection | Upload | 20 MB | None |
| Twitter Web | twitter | File Inspection<br>Non-File Inspection | Upload | 20 MB | None |
| Udemy Web | udemy-base<br>udemy-business | Non-File Inspection | Upload | N/A | 10.2.3 or 11.0.0 |
| Web Browsing | web-browsing | File Inspection<br>Non-File Inspection | Upload | 100 MB | None |
| Webex Desktop | webex | Non-File Inspection | Upload | N/A | Version 8735-8187 |
| Workday Web | workday | File Inspection | Upload<br>Download | 30 MB | Version 8702-8012 |
| Workplace by Facebook Web App | workplace | File Inspection | Upload | 20 MB | None |
| Yahoo Web App Mail Attachments | yahoo-mail-uploading | File Inspection<br>Non-File Inspection | Upload | 25 MB | Version 8413 |
| Yammer Web | yammer | File Inspection | Upload | 20 MB | None |
| Zendesk Web | zendesk | File Inspection<br>Non-File Inspection | Upload<br>Download | 50 MB | 10.2.3 or 11.0.0<br>(Upload) 10.2.5<br>Version 8757-8277 |
GenAI Applications
Generative artificial intelligence (GenAI) Applications supported by Enterprise Data Loss Prevention (E-DLP).
The following table displays the supported AI web applications and
operational parameters that you can use with Enterprise Data Loss Prevention (E-DLP). Refer to the
Palo Alto Networks Applipedia for more information on each application
App-ID.
- All GenAI app support requires PAN-OS 10.2.3 or a later release.
- All GenAI apps support only non-file inspection unless otherwise specified.
| Application | App-ID | Content Version | ACE | Notes |
|---|---|---|---|---|
| Adobe Express | adobe-express | 8872-8848 | — | — |
| Adobe Firefly | adobe-firefly | 8872-8848 | — | — |
| Adrenaline AI | adrenaline-ai | — | √ | — |
| AI Chatting | ai-chatting | — | √ | — |
| AI Story Generator | ai-story-generator | — | √ | — |
| Aithor | aithor | — | √ | — |
| AI Tubo | ai-tubo | — | √ | — |
| Artflow | artflow | — | √ | — |
| Artiphoria | artiphoria | — | √ | — |
| Beautiful.ai | beautiful | 8872-8848 | — | — |
| Bito AI | bito | 8872-8848 | — | — |
| Brainly | brainly-app | — | √ | — |
| Brandmark | brandmark | — | √ | — |
| Caktus | caktus | — | √ | — |
| Candy AI | candy-ai | — | √ | — |
| Chatbot | chatbot | 8872-8848 | — | — |
| ChatFAI | chatfai | — | √ | — |
| Claude AI (Anthropic) | claude | 8872-8848 | — | — |
| Clockwise | clockwise | 8872-8848 | — | — |
| Codium AI | codium-ai | 8872-8848 | — | — |
| Cohere Coral Chat | cohere.ai | 8852 | — | — |
| Copy AI | copy.ai | 8872-8848 | — | — |
| DeepL | deepl | 8732 | — | — |
| DreamTavern | dreamtavern | — | √ | — |
| Echowin | echowin | — | √ | — |
| EduAide | eduaide | — | √ | — |
| ElevenLabs | elevenlabs | 8872-8848 | — | — |
| Figma Figjam AI | figma-figjam-ai | 8852-8753 | — | — |
| Fireflies | fireflies.ai | — | √ | — |
| Fliki | flikiapp | — | √ | — |
| Frase | frase | — | √ | — |
| GitHub Copilot | github-copilot | 8745-8229 | — | — |
| GitHub Copilot Business | github-copilot-business | 8745-8229 | — | — |
| GitHub Copilot Chat | github-copilot-chat | 8825-8649 | — | — |
| GitHub Copilot Chat Business | github-copilot-chat-business | 8825-8649 | — | — |
| Google Gemini (formerly Bard) | google-gemini | 8872-8848 | — | — |
| Hubspot AI | hubspot-ai | 8852 | — | — |
| Hugging Face API | huggingface | 8852 | — | — |
| Humanloop | humanloop | 8872-8848 | — | — |
| Hypotenuse AI | hypotenuse-ai | 8872-8848 | — | — |
| Krisp.ai | krisp | — | √ | — |
| Leonardo AI | leonardo-ai | — | √ | |
| MeetGeek | meetgreek | — | √ | — |
| Microsoft Azure OpenAI | azure-openai-api<br>azure-openai-encrypted<br>azure-open-ai | 8756 | — | — |
| Microsoft Power Apps | ms-powerapps | 8852-8753 | — | — |
| Murf | murf | 8872-8848 | — | When rendering a new model in your Murf.ai project, you must not select the Don't Split option. This option is not supported and prevents Enterprise DLP from inspecting traffic to Murf.ai. |
| Notion | notion | 8529 | — | — |
| OpenAI ChatGPT | openai-chatgpt | 8872-8848 | — | — |
| Pi | pi | — | √ | — |
| PlayHT | play.ht | 8872-8848 | — | — |
| poe | poe | — | √ | — |
| Prome AI | prome-ai | — | √ | — |
| Quickchat | quickchat | — | √ | — |
| Reclaim.AI | reclaim.ai | — | √ | — |
| Regie AI | regie.ai | 8872-8848 | — | — |
| Replicate | replicate | 8872-8848 | — | — |
| Romantic AI | romantic-ai | — | √ | — |
| Runway | runway-app | 8872-8848 | — | — |
| Sana AI (Knowledge Management) | sanalabs | — | √ | — |
| Sapling | sapling.ai | 8872-8848 | — | — |
| Sembly AI | sembly | 8872-8848 | — | — |
| Simplified | web-browsing | — | — | — |
| SourceGraph Cody | sourcegraph-cody | 8872-8848 | — | Only Cody web chat is supported |
| Staccato | staccato | — | √ | — |
| ThoughtSpot | thoughtspot | — | √ | — |
| Typeface | typeface | — | √ | — |
| Voiceflow | voiceflow | 8872-8848 | — | — |
| Writesonic | writesonic | 8872-8848 | — | — |
| Zendesk AI | zendesk-ai | 8862-8796 | — | — |
File Types
File types supported by Enterprise Data Loss Prevention (E-DLP).
Enterprise Data Loss Prevention (E-DLP) supports the following file operations, upload parameters, file
types, and actions.
- File Name Characters—File names up to 64 bytes in length are supported.
- File Operations—You can upload and download files using HTTP and HTTPS (no FTP or SMTP) using:
  - (DLP 3.0.1 and earlier releases) HTTP/1.1. Some applications, such as SharePoint and OneDrive, use HTTP/2 by default. To use HTTP/2 files with HTTP/1.1, you need to create a decryption profile and a Security policy rule to strip out the application-layer protocol negotiation (ALPN) extension in headers. See enable Enterprise DLP for more information.
  - (DLP 3.0.2 and later releases) HTTP/1.1 and HTTP/2
- File Size—The maximum supported file size is dependent on the application. Review the supported applications for more information.
- Data Flow—File uploads and downloads are supported. Review the supported applications to learn the data flow direction supported for each application. Enterprise DLP doesn’t support maintaining a session connection to continue inspection if a file download is paused. The DLP cloud service inspection is terminated for the file if the download operation is paused.
- Concurrent File Uploads—25 concurrent file uploads are supported.
- File Types—Enterprise DLP supports inspection of the following file types.
  - Microsoft Office (.doc, .docx, .ppt, .pptx, .xls, .xlsx)
  - Microsoft Visio (.vsd, .vsdm, .vsdx). Requires Application and Threats content release 8656-7766 or later versions installed on Panorama and managed firewalls, or Strata Cloud Manager deployment.
  - .csv
  - .pdf
  - .rtf
  - .txt
  - Image files (.jpg, .jpeg, .png, .tif, .tiff). Detection of image files requires you to enable Optical Character Recognition (OCR).
- Source Code File Formats—Enterprise DLP supports inspection of the following source code file formats.
  - Cfamily—C, C++, C+, C#, Objective C
  - Go
  - HTML
  - java
  - javascript
  - JSON
  - perl
  - powershell
  - python
  - r
  - ruby
  - vbs
  - verilog
  - vhdl
  - x86_assembly
- ZIP Files—Enterprise DLP supports inspection of ZIP and 7Z (7-ZIP file archiver) files containing the supported file types listed above. Enterprise DLP supports multilevel compressed files.
  - Prisma Access and NGFW (Managed by Panorama or Strata Cloud Manager)—Up to four levels of file compression are supported. The total file size for all uncompressed files may not exceed the maximum supported file size for each application.
  - Data Security—No maximum number of file compression levels. The total file size for all uncompressed files may not exceed the maximum supported file size for each application.
- Response—Block and Alert actions are supported for HTTP and HTTPS files. However, the Block page doesn’t display the name of the file that the managed firewall blocked.
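To see whether an archive falls inside the ZIP Files limits above (four compression levels on Prisma Access and NGFW, and total uncompressed size within the application's maximum file size), the following added example walks nested ZIPs and reports both figures. It is not Palo Alto Networks code. It assumes a level is counted per nested `.zip` member, treats MB as MiB, covers ZIP only (7Z is not in the Python standard library), and uses in-memory archives constructed for the demonstration.

```python
import io
import zipfile
from dataclasses import dataclass

PAGE_MAX_LEVELS = 4   # Prisma Access / NGFW limit stated on this page
MB = 1024 * 1024      # assumption: the page's "MB" is treated as MiB here


@dataclass
class ArchiveProfile:
    levels: int = 0          # 1 = plain archive, 2 = archive inside an archive, ...
    leaf_bytes: int = 0      # declared uncompressed size of all non-archive members
    leaf_files: int = 0
    truncated: bool = False  # walk stopped early at a local safety guard


def make_zip(members):
    """Build a ZIP in memory from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def profile_zip(data, hard_depth=16, read_budget=256 * MB):
    """Walk nested ZIPs; raises zipfile.BadZipFile if the top level is not a ZIP."""
    prof = ArchiveProfile()

    def walk(blob, level):
        nonlocal read_budget
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            prof.levels = max(prof.levels, level)
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Descend by extension only: .docx/.xlsx/.pptx are ZIP containers
                # too, and a magic-byte test would count them as an extra level.
                if info.filename.lower().endswith(".zip"):
                    # Local guards (not page limits) against archive bombs.
                    if level >= hard_depth or info.file_size > read_budget:
                        prof.truncated = True
                        continue
                    read_budget -= info.file_size
                    try:
                        walk(zf.read(info), level + 1)
                        continue
                    except (zipfile.BadZipFile, RuntimeError):
                        pass  # misnamed or unreadable member: count it as a leaf
                prof.leaf_bytes += info.file_size
                prof.leaf_files += 1

    walk(data, 1)
    return prof


def inspection_gaps(data, app_max_mb, max_levels=PAGE_MAX_LEVELS):
    """Return the reasons an archive exceeds the stated limits ([] if none)."""
    prof = profile_zip(data)
    gaps = []
    if prof.levels > max_levels:
        gaps.append(f"{prof.levels} compression levels exceeds {max_levels}")
    if prof.leaf_bytes > app_max_mb * MB:
        gaps.append(f"{prof.leaf_bytes} uncompressed bytes exceeds {app_max_mb} MB")
    if prof.truncated:
        gaps.append("walk truncated by local safety guard")
    return gaps


if __name__ == "__main__":
    # Constructed sample: a five-level nest around a small text file.
    sample = make_zip({"report.txt": b"A" * 1000})
    for i in range(4):
        sample = make_zip({f"level{i}.zip": sample})
    print(profile_zip(sample))
    print(inspection_gaps(sample, app_max_mb=20))
```

Pass `max_levels=None`-style overrides only by changing the function; for Data Security, where the page states no level maximum, compare `leaf_bytes` against the application limit alone.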
Encoding Schemas
Encoding schemas supported by Enterprise Data Loss Prevention (E-DLP).
Enterprise DLP supports the following encoding schemas for supported file types.
For any DLP service, detecting an encoding schema relies on heuristically guessing
the character encoding of a series of bytes that represent text. As a result,
encoding schema detection is inherently unreliable, and Enterprise DLP may not
always be able to detect encoded files. Palo Alto Networks is continuously
improving Enterprise DLP's ability to detect encoded file types to prevent
exfiltration of sensitive data.
- Base64
- Big5
- EUC-JP
- EUC-KR
- GB18030
- IBM855
- ISO-2022-CN
- ISO-2022-JP
- ISO-2022-KR
- ISO-8859-1
- ISO-8859-2
- ISO-8859-3
- ISO-8859-4
- ISO-8859-5
- ISO-8859-6
- ISO-8859-7
- ISO-8859-8
- ISO-8859-9
- ISO-8859-11
- ISO-8859-12
- ISO-8859-13
- ISO-8859-15
- KOI8-R
- Shift_JIS
- UTF-8
- UTF-16BE
- UTF-16LE
- windows-1251
- windows-1252
- windows-1253
- windows-1255
Detection Methods
Supported Enterprise Data Loss Prevention (E-DLP) detection methods to detect sensitive
data.
Review the list of Enterprise Data Loss Prevention (E-DLP) detection methods. Detection methods are
traffic match criteria techniques used by Enterprise DLP to inspect for and prevent
exfiltration of sensitive data. Detection methods can be added alongside any
combination of predefined, custom regex, or file property data patterns in an advanced data profile.
| Feature | Description | Panorama | Strata Cloud Manager |
|---|---|---|---|
| | Upload custom documents containing intellectual property for which you want to prevent exfiltration. Custom document types function as traffic match criteria in advanced data profiles. | √<br>Configured on Strata Cloud Manager | √ |
| | Advanced data profiles allow you to specify whether you want Enterprise DLP to detect all instances of traffic match criteria or only unique instances of the traffic match criteria. | — | √ |
| | Data dictionaries are a collection of one or more keywords or phrases that you want to detect and prevent exfiltration. A data dictionary is added as a match criteria alongside the other supported match criteria in advanced and nested data profiles to increase the Enterprise Data Loss Prevention (E-DLP) detection accuracy. | √<br>Configured on Strata Cloud Manager | √ |
| | Upload data sets to detect sensitive and personally identifiable information (PII) in structured data sources. EDM data sets function as traffic match criteria in advanced data profiles. | √<br>Configured on Strata Cloud Manager | √ |
| | Allows Enterprise DLP to inspect images containing sensitive data in file-based traffic inspection. | √<br>Configured on Strata Cloud Manager | √ |
Features
Supported Enterprise Data Loss Prevention (E-DLP) features.
Review the list of supported Enterprise Data Loss Prevention (E-DLP) features.
Some Enterprise DLP features supported on NGFW (Managed by Panorama) and Prisma Access (Managed by Panorama) require access to Strata Cloud Manager to enable and configure.
See the supported data profile actions for Enterprise DLP
for more information on which data profile actions are supported.
| Feature | Description | Panorama | Strata Cloud Manager |
|---|---|---|---|
| | Custom data profile that can include all functionality of classic data patterns, and advanced detection methods such as Exact Data Matching (EDM) or custom document types. | √<br>Configured on Strata Cloud Manager | √ |
| | Audit logs for a comprehensive history of the changes that occurred across Enterprise DLP. They maintain a history of when data patterns and data profiles are created, updated, or deleted. | √<br>Configured on Strata Cloud Manager | √ |
| | Custom data profile that can include any combination of predefined, regular expression (regex), or file property data patterns. | √ | √ |
| | Provides quantifiable metrics to measure the overall data risk for your organization and gives administrators the ability to analyze and take preventative action to strengthen your data risk security posture using the Data Risk Dashboard. | — | √ |
| | Enterprise DLP performs inline inspection of outbound emails to prevent exfiltration of emails containing sensitive information using AI/ML powered data detections. | — | √ |
| | Use Endpoint DLP to prevent exfiltration of sensitive data to peripheral devices such as USB devices, printers, and network shares, or to control access to them. | — | √ |
| | Integrate Enterprise DLP with Cortex XSOAR to use Enterprise DLP End User Alerting, granting your team members the ability to self-service temporary exemptions for file uploads that match your data profiles. | √<br>Configured on Strata Cloud Manager | √ |
| Enterprise DLP Migrator | Use the Enterprise Data Loss Prevention (E-DLP) Migrator to migrate your Symantec DLP policy rules and convert them into SaaS Security policy rules. This allows you to quickly transition to Palo Alto Networks Enterprise DLP without the need to manually recreate all your Security policy rules designed to prevent exfiltration of sensitive data. | — | √ |
| | Connect an AWS storage bucket, Azure storage bucket, or SFTP server to Enterprise DLP to automatically store files scanned by the DLP cloud service that match your data profiles. After a file is successfully stored, you can download the file for further investigation. | √<br>Configured on Strata Cloud Manager | √ |
| | Monitor sharing of sensitive passwords over chat-based applications. Enterprise DLP uses contextual messages to understand instances where a password might have been shared. When Enterprise DLP detects that a password was shared, a DLP Incident is generated that displays a snippet of the response containing the password. | — | √ |
| | Custom data profile that contains multiple nested data profiles that allows you to consolidate the match criteria to prevent exfiltration of sensitive data to a single data profile that can be used in a single Security policy rule. | √<br>Configured on Strata Cloud Manager | √ |
| | Configure Enterprise DLP data profiles to inspect non-file based traffic to prevent exfiltration of sensitive data through collaboration applications, web forms, Cloud applications, and social media. | √ | √ |
| | Report false positive detections to Palo Alto Networks to improve Enterprise DLP detection accuracy for yourself and other Enterprise DLP users. False positive detections are reported against the DLP Incident where the false positive detection occurred. | √<br>Configured on Strata Cloud Manager | √ |
| | Create a Log Forwarding profile to automatically forward Enterprise Data Loss Prevention (E-DLP) incident syslogs to your third-party security information and event management (SIEM), Security Orchestration, Automation, and Response (SOAR), or other automated ticketing systems. This enables your SOC Analysts and Incident admins to effectively triage, review, and resolve data security risks that occur in your organization. | — | √ |
| | Test the efficacy of your Enterprise Data Loss Prevention (E-DLP) data profiles before adding them to your Security policy rule and pushing to your production NGFW and Prisma Access tenants. This allows you to validate your data profiles against a file containing known sensitive data to ensure accurate detection by Enterprise DLP. | √<br>Configured on Strata Cloud Manager | √ |
Double Byte Characters
Enterprise Data Loss Prevention (E-DLP) supports detection of sensitive data in Chinese, Japanese,
and Korean (CJK) double byte characters.
Enterprise Data Loss Prevention (E-DLP) supports detection of sensitive data for the following double
byte character set languages:
- Chinese (simplified)
- Chinese (traditional)
- Korean
- Japanese
Review the table below to learn more about which Enterprise DLP enforcement
channels, file types, and detection methods support and don't support double byte
characters.
Supported

| Category | Supported |
|---|---|
| Channel | Prisma Access (Managed by Strata Cloud Manager)<br>SaaS Security (API and Inline) |
| File Types | .csv<br>.pdf<br>.txt<br>Microsoft Office (.doc, .docx, .ppt, .pptx, .xls, .xlsx)<br>ZIP files |
| Detection Methods | Predefined and custom regular expression (regex) data patterns<br>Predefined and custom file property data patterns |

Not Supported

| Category | Not Supported |
|---|---|
| Channel | NGFW (Managed by Panorama)<br>NGFW (Managed by Strata Cloud Manager) |
| File Types | Microsoft Visio (.vsd, .vsdm, .vsdx)<br>Image files (.jpg, .jpeg, .png, .tif, .tiff)<br>All source code file types |
| Detection Methods | Titus tags for file property data patterns<br>(SaaS Security API and Inline) Regex data patterns for PDF files |
For example, Enterprise DLP can inspect and block an outbound email if sensitive
data is written in double byte plaintext characters directly in the email subject or
body. However, Enterprise DLP can't inspect and block an outbound email if sensitive
data is written in double byte plaintext characters in a document meant to be detected
with a custom document type.
Non-File Based Traffic
Enterprise Data Loss Prevention (E-DLP) supports inspection of non-file based traffic.
Enterprise Data Loss Prevention (E-DLP) supports inspection of non-file based traffic for sensitive
data. A data filtering profile configured for non-file based traffic detection allows
you to configure URL and application exclusion lists to exclude specific URL and
application traffic from Enterprise DLP inspection.
On the Panorama™ management server, each data profile you create can be configured to
inspect for either file based traffic or for non-file based traffic, or for both. On Strata Cloud Manager, you need to enable non-file based DLP inspection. After you enable this setting on
Strata Cloud Manager you can modify a DLP rule to inspect for either file
based traffic or for non-file based traffic, or for both.
Inspection of non-file based traffic is supported on Panorama running
PAN-OS 10.2.1 and later releases and Enterprise DLP plugin 3.0.1 and later
releases.
To upgrade to PAN-OS 10.2.1, you must install Application and Threats content release
version 8552-7333 or later version on Panorama and managed
firewalls using Enterprise DLP. This is required to support non-file based
traffic inspection.