What’s Supported with Enterprise DLP?
Focus
Focus
Enterprise DLP

What’s Supported with Enterprise DLP?

Table of Contents

What’s Supported with Enterprise DLP?

Learn about the supported applications and operational parameters for Enterprise Data Loss Prevention (E-DLP).
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Panorama or Strata Cloud Manager)
  • Prisma Access (Managed by Panorama or Strata Cloud Manager)
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license
Learn about the products that support Enterprise Data Loss Prevention (E-DLP) and its features:

Platform Support

Platforms supported by Enterprise Data Loss Prevention (E-DLP).
The following platforms support Enterprise Data Loss Prevention (E-DLP). Enterprise DLP data patterns and data filtering profiles are designed to work across all supported platforms to provide consistent data security across all locations. Review the minimum versions and licenses required for each.
Enterprise DLP supports multitenancy on the Panorama™ management server with the following restrictions:
  • Only a Superuser on Panorama can create Enterprise DLP patterns and profiles, and can associate profiles to Security policy rules for tenants.
  • A Superuser must commit all changes to Panorama whenever they make changes to patterns and profiles.
  • All tenants share a single copy of pattern and profile configurations; therefore, Enterprise DLP synchronizes any changes done you make across all your tenants where you activated Enterprise DLP.
  • Since Security policy rules can be different across tenants, each tenant can have different data profiles associated with Security policy rules.
  • NGFW and VM-Series (Managed by Panorama)
    PA-410, PA-415, and PA-415-5G firewalls are not supported.
    • NGFW PAN-OS Version—PAN-OS 10.0.2 or a later version.
    • Panorama PAN-OS VersionM-Series or virtual appliance running PAN-OS 10.0.2 or later version.
      To successfully use Enterprise DLP, you must configure your Security policy rule and Security Profile Group on Panorama and push these configurations to your managed firewalls.
      Enterprise DLP does not support pushing an Enterprise DLP data filtering profile to your managed firewall and referencing the data filtering profile in a Security policy rule or Security Profile Group created locally on the firewall.
    • Apps & Threats Content Update Version—Application and Threats content release version 8334 or a later version.
      Upgrade to PAN-OS 10.0.3 and install Application and Threats content release version 8413 or later version for additional application support.
    • Licenses—Support licenses (NGFW and Panorama) and a Panorama device management license.
  • Prisma Access (Managed by Panorama)
    • Prisma Access VersionPrisma Access 2.0 Innovation or a later version.
    • PanoramaPAN-OS VersionM-Series or virtual appliance running PAN-OS 10.0.2 or later version.
      To successfully use Enterprise DLP, you must configure your Security policy rule and Security Profile Group on Panorama and push these configurations to your managed firewalls.
      Enterprise DLP does not support pushing an Enterprise DLP data filtering profile to your managed firewall and referencing the data filtering profile in a Security policy rule or Security Profile Group created locally on the firewall.
    • Apps & Threats Content Update Version—Application and Threats content release version 8334 or a later version.
      Install Application and Threats content release version 8413 or later version for additional application support.
    • LicensesPrisma Access license, Strata Logging Service license, and Panorama support license.
  • NGFW and VM-Series (Managed by Strata Cloud Manager)
    PA-410, PA-415, and PA-415-5G firewalls are not supported.
    • Review the list of NGFW supported on Strata Cloud Manager.
    • NGFW PAN-OS Version—PAN-OS 10.2.3 or a later version.
    • Apps & Threats Content Update Version—Application and Threats content release version 8614 or a later version.
    • LicensesNGFW support license and a AIOps for NGFW Premium license.
  • Prisma Access (Managed by Strata Cloud Manager)
    • Enterprise DLP is an add-on license for Prisma Access when using Strata Cloud Manager from a Single Prisma SASE Platform or Multitenant Prisma SASE Platform.
      However, the CASB-X and CASB-PA licenses include the Enterprise DLP license by default and does not require a separate license to activate and use Enterprise DLP.
    • Important: Install the Panorama plugin for Enterprise DLP 1.0.6 or later release if you’re using Enterprise DLP on both NGFW and Prisma Access (Managed by Strata Cloud Manager) and NGFW and Prisma Access (Managed by Panorama).
      This is required to ensure Enterprise DLP configurations are successfully synchronized across both Strata Cloud Manager and Panorama.

Applications

Applications supported by Enterprise Data Loss Prevention (E-DLP).
The following table displays the supported web applications and operational parameters that you can use with Enterprise Data Loss Prevention (E-DLP). See the Supported File Types for more information on which file types Enterprise DLP can inspect and render a verdict on across all applications. Refer to the Palo Alto Networks Applipedia for more information on each application App-ID.
Some application support might have a Minimum Version Requirement. The minimum version requirement to support inspection of an application might require a minimum PAN-OS version or an Apps & Threats content release version installed.
Some Enterprise DLP functionality is dependent on a PAN-OS release.
  • Any application that supports the Non-File Inspection Inspection Type requires PAN-OS 10.2.3 or later PAN-OS release.
  • Any application that supports a Max File Size larger than 20 MB requires PAN-OS 10.2.4 or later PAN-OS 10.2 release, or PAN-OS 11.0.2 or later release.
  • Any application that supports the Download Direction requires PAN-OS 10.2.4 or later PAN-OS 10.2 release, or PAN-OS 11.0.2 or later release.
  • To upgrade Panorama or Strata Cloud Manager.
    • For Panorama, upgrade Panorama and managed firewalls to the Minimum Version Requirement or later release.
    • For Prisma Access (Managed by Panorama), you must upgrade Panorama to the Minimum Version Requirement and ensure your Prisma Access tenants are running the Minimum Version Requirement or later release.
    • For Cloud Management, a PAN-OS software upgrade in the Strata Cloud Manager infrastructure to the Minimum Version Requirement or later release is required. You can view the Software Version in the Strata Cloud Manager Overview.
    • Review the Compatibility Matrix for the minimum plugin versions required for your target upgrade version.
To use Gmail, you must disable the Quick UDP Internet Connection (QUIC) protocol. Palo Alto Networks recommends that you disable QUIC in Chrome. To do so, specify chrome://flags/ in the Chrome Experimental QUIC Protocol, and select Disabled.
Application
App-ID
Inspection Type
(File and Non-File)
Direction
Max File Size
Minimum Version Requirement
AirTable
airtable
Non-File Inspection
N/A
N/A
10.2.3
Amazon Cloud Drive Web
amazon-cloud-drive
File Inspection
Upload
20 MB
None
Amazon S3 REST API
web-browsing
File Inspection
Upload
20 MB
None
Apple iCloud Web
icloud
File Inspection
Upload
20 MB
None
Asana Web
asana
File Inspection
Upload
20 MB
None
Basecamp Web
basecamp
File Inspection
Upload
20 MB
None
Bitrix24 Web
bitrix24
File Inspection
Upload
20 MB
None
Blackboard Web
blackboard
File Inspection
Upload
20 MB
None
Blogs (e.g Wordpress, Medium)
blog-posting
File Inspection
Non-File Inspection
Upload
20 MB
None
Box Desktop
boxnet
File Inspection
Upload
Download
20 MB (Upload)
100 MB (Download)
Version 8413
Box Web
boxnet
File Inspection
Upload
Download
100 MB
Version 8413
Canvas Web
canvas
File Inspection
Upload
20 MB
None
Confluence Web
confluence-base
web-browsing
Non-File Inspection
Upload
N/A
10.2.3
DocSend Web
docsend
File Inspection
Upload
20 MB
None
Dropbox Web
dropbox
File Inspection
Upload
Download
100 MB
11.1.0
Egnyte Web
egnyte
File Inspection
Upload
20 MB
None
Evernote Web
evernote
Non-File Inspection
Upload
N/A
10.2.3
Facebook Messenger Web
facebook-chat
File Inspection
Upload
Download
25MB
None
Facebook Web
Images only
facebook-uploading
File Inspection
Upload
10 MB
10.2.3
FilesAnywhere Web
filesanywhere
File Inspection
Upload
20 MB
None
Freshdesk Web
freshdesk
File Inspection
Upload
20 MB
None
GitHub Web
github
File Inspection
Upload
20 MB
Version 8413
Gitlab - Web-based File Attachment and Standard Traffic
gitlab
File Inspection
Non-File Inspection
Upload
100 MB
Version 8413
Glassdoor Web
web-browsing
Non-File Inspection
Upload
N/A
10.2.3
Gmail Web - Mail Attachments
gmail
File Inspection
Non-File Inspection
Upload
100 MB
Version 8413
Google Chat Web
google-chat
Non-File Inspection
Upload
N/A
10.2.3
Google Cloud Platform
google-cloud-storage-base
File Inspection
Upload
Download
100 MB
None
Google Docs Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
Google Drive Web
google-base
google-docs
File Inspection
Upload
100 MB
10.2.4
Google Forms Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
Google Meet Web
google-meet
Non-File Inspection
Upload
N/A
10.2.3
Version 8726-8134
Google Photos Web
google-photos
File Inspection
Upload
10 MB
10.2.3
Version 8745-8229
Google Sheets Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
Google Slides Web
google-docs-editing
Non-File Inspection
Upload
N/A
10.2.3
Grammarly
grammarly
File Inspection
Upload
4 MB
10.2.3
GSuite (Export via link)
google-base
File Inspection
Download
25 MB
10.2.4
Version 8684-7912
Hubspot Web
hubspot
File Inspection
Upload
20 MB
None
Jira Web
jira
File Inspection
Non-File Inspection
Download
100 MB
(Download and Large File) 10.2.4
LinkedIn Web
linkedin
File Inspection
Non-File Inspection
Upload
Download
20 MB (Upload)
25 MB (Download)
(Non-File) 10.2.3
(Download) 10.2.4
Version 8739-17204
MailChimp
mailchimp
Non-File Inspection
N/A
N/A
10.2.3
Mendeley Web
mendeley
File Inspection
Upload
20 MB
None
Microsoft Azure Storage
windows-azure
File Inspection
Download
100 MB
10.2.4 or 11.0.2
Version 8742-8215
Microsoft Excel Desktop
web-browsing
File Inspection
Non-File Inspection
Download
26 MB
10.2.4
Microsoft Excel Web
web-browsing
File Inspection
Non-File Inspection
Upload
Download
20 MB (Upload)
26 MB (Download)
10.2.4
Microsoft OneDrive Desktop - Business
office365-enterprise-access
sharepoint-online
File Inspection
Upload
Download
100 MB
10.2.4
Version 8684-7912
Microsoft OneDrive Desktop - Personal
ms-onedrive
File Inspection
Upload
100 MB
10.2.4
Version 8684-7912
Microsoft OneDrive Web - Business
office365-enterprise-access
sharepoint-online
File Inspection
Upload
100 MB
10.2.4
(Large file) 11.1.0
Microsoft OneDrive Web - Personal
ms-onedrive
File Inspection
Upload
100 MB
10.2.4
Microsoft OneNote Web
ms-onenote
File Inspection
Non-File Inspection
Upload
Download
20 MB
Version 8413
Microsoft Outlook Web - Mail Attachments from Device and Personal One Drive
ms-office365
File Inspection
Upload
100 MB
Version 8673-7845
(Large file) 11.1.0
Microsoft Power BI Web
web-browsing
File Inspection
Non-File Inspection
Upload
100 MB
None
Microsoft PowerPoint Desktop
ms-powerpoint-online
File Inspection
Non-File Inspection
Download
100 MB
10.2.4
Microsoft PowerPoint Web
ms-powerpoint-online
File Inspection
Non-File Inspection
Download
100 MB
10.2.4
Microsoft SharePoint Desktop
office365-enterprise-access
sharepoint-online
File Inspection
Non-File Inspection
Upload
Download
100 MB
None
Microsoft SharePoint Web
office365-enterprise-access
sharepoint-online
File Inspection
Non-File Inspection
Upload
Download
100 MB
None
Microsoft Teams Desktop - Business
ms-office365
ms-teams
File Inspection
Non-File Inspection
Upload
Download
10 MB (Upload)
100 MB (Download)
10.2.3
Microsoft Teams Desktop - Personal
ms-office365
ms-teams
Non-File Inspection
N/A
N/A
10.2.3
Microsoft Teams Web - Business
ms-office365
ms-teams
File Inspection
Non-File Inspection
Upload
Download
10 MB (Upload)
100 MB (Download)
Version 8742-8215
Large File—PAN-OS 10.2.4 and later or 11.0.2 or later
Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later
Microsoft Teams Web - Personal
ms-office365
ms-teams
File Inspection
Non-File Inspection
Upload
Download
100 MB
Version 8742-8215
Large File—PAN-OS 10.2.4 and later or 11.0.2 or later
Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later
Microsoft Word Desktop
ms-office365
Non-File Inspection
N/A
N/A
10.2.3
Microsoft Word Web
ms-office365
Non-File Inspection
N/A
N/A
10.2.3
Miro Web
realtimeboard
File Inspection
Upload
30 MB
10.2.3
Version 8756-8298
Monday.com Web
monday
File Inspection
Upload
20 MB
None
Naver Mail Web
naver-mail
File Inspection
Upload
Download
100 MB
None
Naverworks
web-browsing
File Inspection
Upload
20 MB
Version 8711-8058
Pastebin Web
pastebin
Non-File Inspection
N/A
N/A
10.2.3
Pinterest
pinterest
Non-File Inspection
Upload
Download
N/A
N/A
Prezi Web
prezi
File Inspection
Upload
20 MB
None
Quip
quip
File Inspection
Upload
Download
100 MB
Version 8735-8187
Quora
quora
Non-File Inspection
N/A
N/A
None
Reddit
reddit
File Inspection
Non-File Inspection
Upload
20 MB
None
Salesforce Web
salesforce
File Inspection
Upload
Download
100 MB
Version 8413
ServiceNow Web
service-now
File Inspection
Non-File Inspection
Upload
Download
100 MB
Version 8413
Slack Desktop
slack
File Inspection
Non-File Inspection
Upload
Download
100 MB
Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later
Slack Web
slack
File Inspection
Non-File Inspection
Upload
Download
100 MB
Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later
Smartsheet Web
smartsheet-web
Non-File Inspection
Upload
N/A
10.2.3 or 11.0.0
Splunk Web
web-browsing
splunk
File Inspection
Upload
100 MB
None
Syncplicity Web
syncplicity
File Inspection
Upload
20 MB
None
Trello Web
trello
File Inspection
Upload
20 MB
None
Twitter Web
twitter
File Inspection
Non-File Inspection
Upload
20 MB
None
Udemy Web
udemy-base
udemy-business
Non-File Inspection
Upload
N/A
10.2.3 or 11.0.0
Web Browsing
web-browsing
File Inspection
Non-File Inspection
Upload
100 MB
None
Webex Desktop
webex
Non-File Inspection
Upload
N/A
Version 8735-8187
Workday Web
workday
File Inspection
Upload
Download
30 MB
Version 8702-8012
Workplace by Facebook Web App
workplace
File Inspection
Upload
20 MB
None
Yahoo Web App Mail Attachments
yahoo-mail-uploading
File Inspection
Non-File Inspection
Upload
25 MB
Version 8413
Yammer Web
yammer
File Inspection
Upload
20 MB
None
Zendesk Web
zendesk
File Inspection
Non-File Inspection
Upload
Download
50 MB
10.2.3 or 11.0.0
(Upload) 10.2.5
Version 8757-8277

GenAI Applications

Generative artificial intelligence (GenAI) Applications supported by Enterprise Data Loss Prevention (E-DLP).
The following table displays the supported generative AI (GenIA) web apps and operational parameters that you can use with Enterprise Data Loss Prevention (E-DLP).
  • All GenAI app support require PAN-OS 10.2.3 or later release.
  • All GenAI apps support only non-file inspection unless otherwise specified.
  • For App-IDs delivered through dynamic content updates, the App-ID refers to the container App-ID for the GenAI app. Refer to the Palo Alto Networks Applipedia for the full list of child App-IDs.
Application
App-ID
Content Version
ACE
Notes
Adobe Express
adobe-express
8872-8848
Adobe Firefly
adobe-firefly
8872-8848
Adrenaline AI
adrenaline-ai
Aflorithmic
aflorithmic
AI Chatting
ai-chatting
AI Story Generator
ai-story-generator
Aithor
aithor
AI Tubo
ai-tubo
Artbreeder
artbreeder
Artflow
artflow
Artiphoria
artiphoria
AskCodi
askcodi
Bannerbear
bannerbear
Beautiful.ai
beautiful
8872-8848
Bito AI
bito
8872-8848
Brainly
brainly-app
Brandmark
brandmark
Caktus
caktus
Candy AI
candy-ai
Charisma.ai
charisma.ai
Chatbot
chatbot
8872-8848
ChatFAI
chatfai
Chatsonic
chatsonic
8792-8469
Claude AI (Anthropic)
claude
8872-8848
Clipdrop
clipdropapp
Clockwise
clockwise
8872-8848
Codium AI
codium-ai
8872-8848
Cody (Knowledge Management)
cody
Cohere Coral Chat
cohere.ai
8852
ContentDetector.AI
contentdetector-ai
Copy AI
copy.ai
8872-8848
CopyMonkey
copymonkey
Course Hero
course-hero
Decktopus
decktopus
Deepgram
deepgram
DeepL
deepl
8732
Describely
describely
DreamTavern
dreamtavern
Echowin
echowin
EduAide
eduaide
ElevenLabs
elevenlabs
8872-8848
Figma Figjam AI
figma-figjam-ai
8852-8753
Fireflies
fireflies.ai
8904-9013
Fliki
flikiapp
Frase
frase
GitHub Copilot
github-copilot
8745-8229
GitHub Copilot Business
github-copilot-business
8745-8229
GitHub Copilot Chat
github-copilot-chat
8825-8649
GitHub Copilot Chat Business
github-copilot-chat-business
8825-8649
Google Gemini (formerly Bard)
google-gemini
8872-8848
Hubspot AI
hubspot-ai
8852
Hugging Face API
huggingface
8852
Humanloop
humanloop
8872-8848
Hypotenuse AI
hypotenuse-ai
8872-8848
Krisp.ai
krisp
8904-9013
Leonardo AI
leonardo-ai
Lex.page
lex.page
MeetGeek
meetgeek
8904-9013
Microsoft Azure OpenAI
azure-openai-api
azure-openai-encrypted
azure-openai-studio
8756
Microsoft Power Apps
ms-powerapps
8852-8753
Murf
murf
8872-8848
When rendering a new model in your Murf.ai project, must not select the Don't Split option. This is option is not supported and prevents Enterprise DLP from inspecting traffic to Murf.ai.
Notion
notion
8529
OpenAI ChatGPT
openai-chatgpt
8872-8848
Phind
phind
Pi
pi
PlayHT
play.ht
8872-8848
poe
poe
Prome AI
prome-ai
Quickchat
quickchat
Reclaim.AI
reclaim.ai
8904-9013
Regie AI
regie.ai
8872-8848
Replicate
replicate
8872-8848
Romantic AI
romantic-ai
Runway
runway-app
8872-8848
Sana AI (Knowledge Management)
sanalabs
8904-9013
Sapling
sapling.ai
8872-8848
Sembly AI
sembly
8872-8848
Simplified
web-browsing
SourceGraph Cody
sourcegraph-cody
8872-8848
Only Cody web chat is supported
Staccato
staccato
ThoughtSpot
thoughtspot
8904-9013
Typeface
typeface
Voiceflow
voiceflow
8872-8848
Writesonic
writesonic
8872-8848
Zendesk AI
zendesk-ai
8862-8796

File Types

File types supported by Enterprise Data Loss Prevention (E-DLP).
Enterprise Data Loss Prevention (E-DLP) supports the following file operations, upload parameters, file types, and actions.
  • File Name Characters—File name up to 64 bytes in length are supported.
  • File Operations—You can upload and download files using HTTP and HTTPS (no FTP or SMTP) using:
    • (DLP 3.0.1 and earlier releases) HTTP/1.1
      Some applications, such as SharePoint and OneDrive, use HTTP/2 by default. To use HTTP/2 files with HTTP/1.1, you need to create a decryption profile and a Security policy rule to strip out the application-layer protocol negotiation (ALPN) extension in headers. See enable Enterprise DLP for more information.
    • (DLP 3.0.2 and later releases) HTTP/1.1 and HTTP/2
  • File Size—The maximum supported file size is dependent on the application. Review the supported applications for more information.
  • Data Flow—File uploads and downloads are supported. Review the supported applications to learn the data flow direction supported for each application.
    Enterprise DLP doesn’t support maintaining a session connection to continue inspection if a file download is paused. The DLP cloud service inspection is terminated for the file if the download operation is paused.
  • Concurrent File Uploads—25 concurrent file uploads are supported.
  • File TypesEnterprise DLP supports inspection of the following file types.
    • Microsoft Office (.doc, .docx, .ppt, .pptx, .xls, .xlsx)
    • Microsoft Visio (.vsd, .vsdm, .vsdx)
      Requires Application and Threats content release 8656-7766 or later versions installed on Panorama and managed firewalls, or Strata Cloud Manager deployment.
    • .csv
    • .pdf
    • .rtf
    • .tsv
    • .txt
  • Image File TypesEnterprise DLP supports extraction and inspection of the following image file types using Optical Character Recognition (OCR).
    • .jpg
    • .jpeg
    • .png
    • .tif
    • .tiff
  • Source Code File FormatsEnterprise DLP supports inspection of the following source code file formats.
    • Cfamily—C, C++, C+, C#, Objective C
    • Go
    • HTML
    • java
    • javascript
    • JSON
    • perl
    • powershell
    • python
    • r
    • ruby
    • vbs
    • verilog
    • vhd1
    • x86_assembly
  • ZIP FilesEnterprise DLP supports inspection of ZIP and 7Z (7-ZIP file archiver) files containing the supported file types listed above.
    Enterprise DLP supports multilevel compressed files.
    • Prisma Access and NGFW (Managed by Panorama or Strata Cloud Manager)—Up to four levels of file compression is supported. The total file size for all uncompressed files may not exceed the maximum supported file size for each application.
    • Data Security—No maximum number of file compression levels. The total file size for all uncompressed files may not exceed the maximum supported file size for each application.
  • Response—Block and Alert actions are supported for HTTP and HTTPS files. However, the Block page doesn’t display the name of the file that the managed firewall blocked.

Encoding Schemas

Encoding schemas supported by Enterprise Data Loss Prevention (E-DLP).
Enterprise DLP supports the following encoding schemas for supported file types.
Detection of encoding schemas for any DLP service relies on heuristically guessing the character encoding of a series of bytes that represent text. As a result, encoding schema detection is recognized as being inherently unreliable. This means that Enterprise DLP may not be able to always detect encoded files. Palo Alto Networks is continuously working on and improving Enterprise DLP's ability to detect encoded file types to prevent exfiltration of sensitive data.
  • Base64
  • Big5
  • EUC-JP
  • EUC-KR
  • GB18030
  • IBM855
  • ISO-2022-CN
  • UISO-2022-JP
  • ISO-2022-KR
  • ISO-8599-1
  • ISO-8599-2
  • ISO-8599-3
  • ISO-8599-4
  • ISO-8599-5
  • ISO-8599-6
  • ISO-8599-7
  • ISO-8599-8
  • ISO-8599-9
  • ISO-8599-11
  • ISO-8599-12
  • ISO-8599-13
  • ISO-8599-15
  • KOI8-R
  • Shift_JIS
  • UTF-8
  • UTF-16BE
  • UTF-16LE
  • windows-1251
  • windows-1252
  • windows-1253
  • windows-1255

Detection Methods

Supported Enterprise Data Loss Prevention (E-DLP) detection methods to detect sensitive data.
Review the list of Enterprise Data Loss Prevention (E-DLP) detection methods. Detection methods are traffic match criteria techniques used by Enterprise DLP to inspect for and prevent exfilitration of sensitive data. Detection methods can be added alongside any combination of predefined, custom regex, or file property data patterns in an advanced data profile.
Feature
Description
PanoramaStrata Cloud Manager
Upload custom documents containing intellectual property for which you want to prevent exfiltration. Custom document types function as traffic match criteria in advanced data profiles.
Configured on Strata Cloud Manager
Advanced data profiles allow you to specify whether you want to Enterprise DLP to detect all instances of traffic match criteria or only unique instances of the traffic match criteria.
Data dictionaries are a collection of one or more keywords or phrases that you want to detect and prevent exfilitration. A data dictionary is added as a match criteria alongside the other supported match criteria in advanced and nested data profiles to increase the Enterprise Data Loss Prevention (E-DLP) detection accuracy.
Configured on Strata Cloud Manager
Upload data sets to detect sensitive and personally identifiable information (PII) in structured data sources. EDM data sets function as traffic match criteria in advanced data profiles.
Configured on Strata Cloud Manager
Allows Enterprise DLP to inspect images containing sensitive data in file-based traffic inspection.
Configured on Strata Cloud Manager

Features

Supported Enterprise Data Loss Prevention (E-DLP) features.
Review the list of supported Enterprise Data Loss Prevention (E-DLP) features.
Some Enterprise DLP features supported on NGFW (Managed by Panorama) and Prisma Access (Managed by Panorama) require access to Strata Cloud Manager to enable and configure.
See the supported data profile actions for Enterprise DLP for more information on which data profile actions are supported.
Feature
Description
PanoramaStrata Cloud Manager
Custom data profile that can include all functionality of classic data patterns, and advanced detection methods such as Exact Data Matching (EDM) or custom document types.
Configured on Strata Cloud Manager
Audit logs for a comprehensive history of the changes that occurred across Enterprise DLP. They maintain a history of when data patterns and data profiles are created, updated, or deleted.
Configured on Strata Cloud Manager
Custom data profile that can include any combination of predefined, regular expression (regex), or file property data patterns.
Provides quantifiable metrics to measure the overall data risk for your organization and gives administrators the ability to analyze and take preventative action to strengthen your data risk security posture using the Data Risk Dashboard.
Enterprise DLP performs inline inspection of outbound emails to prevent exfiltration of emails containing sensitive information using AI/ML powered data detections.
Use Endpoint DLP to prevent exfiltration of sensitive data to peripheral devices such as USB devices, printers, and network shares, or to control access to them.
Integrate Enterprise DLP with Cortex XSOAR to use Enterprise DLP End User Alerting, granting your team members the ability to self-service temporary exemptions for file uploads that match your data profiles.
Configured on Strata Cloud Manager
Enterprise DLP Migrator
Use the Enterprise Data Loss Prevention (E-DLP) Migrator to migrate your Symantec DLP policy rules and convert them into SaaS Security policy rules. This allows you to quickly transition to Palo Alto Networks Enterprise DLP without the need to manually recreate all your Security policy rules designed to prevent exfiltration of sensitive data.
Connect an AWS storage bucket, Azure storage bucket, or SFTP server to Enterprise DLP to automatically store files scanned by the DLP cloud service that match your data profiles. After a file is successfully stored, you can download the file for further investigation.
Configured on Strata Cloud Manager
Monitor sharing of sensitive passwords over chat-based applications. Enterprise DLP uses contextual messages to understand instances where a password might have been shared. When Enterprise DLP detects that a password was shared, a DLP Incident is generated that displays a snippet of the response containing the password.
Custom data profile that contains multiple nested data profiles that allows you to consolidate the match criteria to prevent exfiltration of sensitive data to a single data profile that can be used in a single Security policy rule.
Configured on Strata Cloud Manager
Configure Enterprise DLP data profiles to inspect non-file based traffic to prevent exfiltration of sensitive data through collaboration applications, web forms, Cloud applications, and social media.
Report false positive detections to Palo Alto Networks to improve Enterprise DLP detection accuracy for yourself and other Enterprise DLP users. False positive detections are reported against the DLP Incident where the false positive detection occurred.
Configured on Strata Cloud Manager
Create a Log Forwarding profile to automatically forward Enterprise Data Loss Prevention (E-DLP) incident syslogs to your third-party security information and event management (SIEM), Security Orchestration, and Response (SOAR), or other automated ticketing systems. This enables your SOC Analysts and Incident admins to effectively triage, review, and resolve data security risks that occur in your organization.
Test the efficacy of your Enterprise Data Loss Prevention (E-DLP) data profiles before adding them to your Security policy rule and pushing to your production NGFW and Prisma Access tenants. This allows you to validate your data profiles against a file containing known sensitive data to ensure accurate detection by Enterprise DLP.
Configured on Strata Cloud Manager

Double Byte Characters

Enterprise Data Loss Prevention (E-DLP) supports detection of sensitive data in Chinese, Japanese, and Korean (CJK) double byte characters.
Enterprise Data Loss Prevention (E-DLP) supports detection of sensitive data for the following double bye character set languages:
  • Chinese (simplified)
  • Chinese (traditional)
  • Korean
  • Japanese
Review the table below to learn more about which Enterprise DLP enforcement channels, file types, and detection methods support and don't support double byte characters.
For example, Enterprise DLP can inspect and block an outbound email if sensitive data is written in double byte plaintext characters directly in the email subject or body. However Enterprise DLP can't inspect and block an outbound email if sensitive data is written in double byte plaintext characters in a document meant to be detected with a custom document type.

Non-File Based Traffic

Enterprise Data Loss Prevention (E-DLP) supports inspection of non-file based traffic.
Enterprise Data Loss Prevention (E-DLP) supports inspection of non-file based traffic for sensitive data. A data filtering profile configured for non-file based traffic detection allows you to configure URL and application exclusion lists to exclude specific URL and application traffic from Enterprise DLP inspection.
On the Panorama™ management server, each data profile you create can be configured to inspect for either file based traffic or for non-file based traffic, or for both. On Strata Cloud Manager, you need to enable non-file based DLP inspection. After you enable this setting on Strata Cloud Manager you can modify a DLP rule to inspect for either file based traffic or for non-file based traffic, or for both.
Inspection of non-file based traffic is supported on Panorama running PAN-OS 10.2.1 and later releases and Enterprise DLP plugin 3.0.1 and later releases.
To upgrade to PAN-OS 10.2.1, you must install Application and Threats content release version 8552-7333 or later version on Panorama and managed firewalls using Enterprise DLP. This is required to support non-file based traffic inspection.