Learn about the supported applications and operational parameters for Enterprise Data Loss Prevention (E-DLP).
Where Can I Use This?
NGFW (Managed by Panorama or Strata Cloud Manager)
Prisma Access (Managed by Panorama or Strata Cloud Manager)
What Do I Need?
Enterprise Data Loss Prevention (E-DLP) license
Review the Supported Platforms for details on the required license for each enforcement point.
Or any of the following licenses that include the Enterprise DLP license:
Prisma Access CASB license
Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
Data Security license
Learn about the products that support Enterprise Data Loss Prevention (E-DLP) and its features:
(.csv, .docx, .tsv, .xls, and .xlsx File Types) Enterprise DLP uses structured data processing for these file types,
which support tabular data formats. This allows Enterprise DLP to perform
intelligent column analysis and to apply advanced header detection techniques that
treat column headers as proximity keywords that influence detection confidence.
Additionally, structured data processing allows Enterprise DLP to use machine
learning techniques to handle misspelled or missing headers more
effectively.
Platforms supported by Enterprise Data Loss Prevention (E-DLP).
The following platforms support Enterprise Data Loss Prevention (E-DLP). Enterprise DLP data
patterns and data filtering profiles are designed to work across all supported platforms
to provide consistent data security across all locations. Review the minimum versions
and licenses required for each.
Enterprise DLP supports multitenancy on the Panorama™ management server with the
following restrictions:
Only a Superuser on Panorama can create Enterprise DLP patterns and profiles, and can associate profiles
to Security policy rules for tenants.
A Superuser must commit all changes to Panorama whenever they make
changes to patterns and profiles.
All tenants share a single copy of pattern and profile configurations; therefore,
Enterprise DLP synchronizes any changes you make across all your
tenants where you activated Enterprise DLP.
Since Security policy rules can be different across tenants, each tenant can have
different data profiles associated with Security policy rules.
NGFW and VM-Series (Managed by Panorama)
PA-410, PA-415, and PA-415-5G firewalls are not supported.
NGFW PAN-OS Version—PAN-OS 10.0.2 or a later version.
To successfully use Enterprise DLP, you must configure your Security
policy rule and Security Profile Group on Panorama and push
these configurations to your managed firewalls.
Enterprise DLP does not support pushing an Enterprise DLP data
filtering profile to your managed firewall and referencing the data
filtering profile in a Security policy rule or Security Profile Group
created locally on the firewall.
Apps & Threats Content Update Version—Application and Threats
content release version 8334 or a later version.
Upgrade to PAN-OS 10.0.3 and install Application and Threats content
release version 8413 or a later version for additional application support.
Licenses—Support licenses (NGFW and Panorama) and a Panorama device management license.
Prisma Access (Managed by Panorama)
Prisma Access Version—Prisma Access 2.0 Innovation or a
later version.
To successfully use Enterprise DLP, you must configure your Security
policy rule and Security Profile Group on Panorama and push
these configurations to your managed firewalls.
Enterprise DLP does not support pushing an Enterprise DLP data
filtering profile to your managed firewall and referencing the data
filtering profile in a Security policy rule or Security Profile Group
created locally on the firewall.
Apps & Threats Content Update Version—Application and Threats
content release version 8334 or a later version.
Install Application and Threats content release version 8413 or a later
version for additional application support.
Licenses—Prisma Access license, Strata Logging Service
license, and Panorama support license.
NGFW and VM-Series (Managed by Strata Cloud Manager)
PA-410, PA-415, and PA-415-5G firewalls are not supported.
Review the list of NGFWs supported on Strata Cloud Manager.
NGFW PAN-OS Version—PAN-OS 10.2.3 or a later version.
Apps & Threats Content Update Version—Application and Threats
content release version 8614 or a later version.
Licenses—NGFW support license and an AIOps for NGFW Premium license.
However, the CASB-X and CASB-PA licenses
include the Enterprise DLP license by default and do not require
a separate license to activate and use Enterprise DLP.
Important: Install the Panorama plugin for Enterprise DLP 1.0.6 or later release if you’re using Enterprise DLP on both NGFW and Prisma Access
(Managed by Strata Cloud Manager) and NGFW and Prisma Access (Managed by Panorama).
This is required to ensure Enterprise DLP configurations are
successfully synchronized across both Strata Cloud Manager and Panorama.
Applications
Applications supported by Enterprise Data Loss Prevention (E-DLP).
The following table displays the supported web applications and operational
parameters that you can use with Enterprise Data Loss Prevention (E-DLP). See the Supported File Types
for more information on which file types Enterprise DLP can inspect and render a
verdict on across all applications. Refer to the Palo
Alto Networks Applipedia for more information on each application App-ID.
Some application support might have a Minimum Version Requirement.
The minimum version requirement to support inspection of an application might require a
minimum PAN-OS version or an Apps & Threats content release version installed.
Some Enterprise DLP functionality is dependent on a PAN-OS release.
Any application whose Inspection Type includes Non-File Inspection
requires PAN-OS 10.2.3 or a later PAN-OS release.
Any application that supports a Max File Size larger than 20 MB requires
PAN-OS 10.2.4 or later PAN-OS 10.2 release, or PAN-OS 11.0.2 or later release.
Any application that supports the Download Direction requires PAN-OS
10.2.4 or later PAN-OS 10.2 release, or PAN-OS 11.0.2 or later release.
To upgrade Panorama or Strata Cloud Manager:
For Panorama, upgrade Panorama and managed firewalls to the Minimum
Version Requirement or later release.
For Prisma Access (Managed by Panorama), you must upgrade Panorama to the
Minimum Version Requirement and ensure your Prisma Access tenants are
running the Minimum Version Requirement or later release.
For Cloud Management, a PAN-OS software upgrade in
the Strata Cloud Manager infrastructure to the Minimum
Version Requirement or later release is required.
You can view the Software Version in
the Strata Cloud Manager Overview.
Review the Compatibility Matrix for
the minimum plugin versions required for your target upgrade
version.
To use Gmail, you must disable the Quick UDP Internet Connection (QUIC) protocol.
Palo Alto Networks recommends that you disable QUIC in Chrome. To do so, open
chrome://flags/ in Chrome, find Experimental QUIC
Protocol, and select Disabled.
| Application | App-ID | Inspection Type (File and Non-File) | Direction | Max File Size | Minimum Version Requirement |
|---|---|---|---|---|---|
| AirTable | airtable | Non-File Inspection | N/A | N/A | 10.2.3 |
| Amazon Cloud Drive Web | amazon-cloud-drive | File Inspection | Upload | 20 MB | None |
| Amazon S3 REST API | web-browsing | File Inspection | Upload | 20 MB | None |
| Apple iCloud Web | icloud | File Inspection | Upload | 20 MB | None |
| Asana Web | asana | File Inspection | Upload | 20 MB | None |
| Basecamp Web | basecamp | File Inspection | Upload | 20 MB | None |
| Bitrix24 Web | bitrix24 | File Inspection | Upload | 20 MB | None |
| Blackboard Web | blackboard | File Inspection | Upload | 20 MB | None |
| Blogs (e.g. Wordpress, Medium) | blog-posting | File Inspection, Non-File Inspection | Upload | 20 MB | None |
| Box Desktop | boxnet | File Inspection | Upload, Download | 20 MB (Upload); 100 MB (Download) | Version 8413 |
| Box Web | boxnet | File Inspection | Upload, Download | 100 MB | Version 8413 |
| Canvas Web | canvas | File Inspection | Upload | 20 MB | None |
| Confluence Web | confluence-base, web-browsing | Non-File Inspection | Upload | N/A | 10.2.3 |
| DocSend Web | docsend | File Inspection | Upload | 20 MB | None |
| Dropbox Web | dropbox | File Inspection | Upload, Download | 100 MB | 11.1.0 |
| Egnyte Web | egnyte | File Inspection | Upload | 20 MB | None |
| Evernote Web | evernote | Non-File Inspection | Upload | N/A | 10.2.3 |
| Facebook Messenger Web | facebook-chat | File Inspection | Upload, Download | 25 MB | None |
| Facebook Web (Images only) | facebook-uploading | File Inspection | Upload | 10 MB | 10.2.3 |
| FilesAnywhere Web | filesanywhere | File Inspection | Upload | 20 MB | None |
| Freshdesk Web | freshdesk | File Inspection | Upload | 20 MB | None |
| GitHub Web | github | File Inspection | Upload | 20 MB | Version 8413 |
| Gitlab - Web-based File Attachment and Standard Traffic | gitlab | File Inspection, Non-File Inspection | Upload | 100 MB | Version 8413 |
| Glassdoor Web | web-browsing | Non-File Inspection | Upload | N/A | 10.2.3 |
| Gmail Web - Mail Attachments | gmail | File Inspection, Non-File Inspection | Upload | 100 MB | Version 8413 |
| Google Chat Web | google-chat | Non-File Inspection | Upload | N/A | 10.2.3 |
| Google Cloud Platform | google-cloud-storage-base | File Inspection | Upload, Download | 100 MB | None |
| Google Docs Web | google-docs-editing | Non-File Inspection | Upload | N/A | 10.2.3 |
| Google Drive Web | google-base, google-docs | File Inspection | Upload | 100 MB | 10.2.4 |
| Google Forms Web | google-docs-editing | Non-File Inspection | Upload | N/A | 10.2.3 |
| Google Meet Web | google-meet | Non-File Inspection | Upload | N/A | 10.2.3; Version 8726-8134 |
| Google Photos Web | google-photos | File Inspection | Upload | 10 MB | 10.2.3; Version 8745-8229 |
| Google Sheets Web | google-docs-editing | Non-File Inspection | Upload | N/A | 10.2.3 |
| Google Slides Web | google-docs-editing | Non-File Inspection | Upload | N/A | 10.2.3 |
| Grammarly | grammarly | File Inspection | Upload | 4 MB | 10.2.3 |
| GSuite (Export via link) | google-base | File Inspection | Download | 25 MB | 10.2.4; Version 8684-7912 |
| Hubspot Web | hubspot | File Inspection | Upload | 20 MB | None |
| Jira Web | jira | File Inspection, Non-File Inspection | Download | 100 MB | (Download and Large File) 10.2.4 |
| LinkedIn Web | linkedin | File Inspection, Non-File Inspection | Upload, Download | 20 MB (Upload); 25 MB (Download) | (Non-File) 10.2.3; (Download) 10.2.4; Version 8739-17204 |
| MailChimp | mailchimp | Non-File Inspection | N/A | N/A | 10.2.3 |
| Mendeley Web | mendeley | File Inspection | Upload | 20 MB | None |
| Microsoft Azure Storage | windows-azure | File Inspection | Download | 100 MB | 10.2.4 or 11.0.2; Version 8742-8215 |
| Microsoft Excel Desktop | web-browsing | File Inspection, Non-File Inspection | Download | 26 MB | 10.2.4 |
| Microsoft Excel Web | web-browsing | File Inspection, Non-File Inspection | Upload, Download | 20 MB (Upload); 26 MB (Download) | 10.2.4 |
| Microsoft OneDrive Desktop - Business | office365-enterprise-access, sharepoint-online | File Inspection | Upload, Download | 100 MB | 10.2.4; Version 8684-7912 |
| Microsoft OneDrive Desktop - Personal | ms-onedrive | File Inspection | Upload | 100 MB | 10.2.4; Version 8684-7912 |
| Microsoft OneDrive Web - Business | office365-enterprise-access, sharepoint-online | File Inspection | Upload | 100 MB | 10.2.4; (Large file) 11.1.0 |
| Microsoft OneDrive Web - Personal | ms-onedrive | File Inspection | Upload | 100 MB | 10.2.4 |
| Microsoft OneNote Web | ms-onenote | File Inspection, Non-File Inspection | Upload, Download | 20 MB | Version 8413 |
| Microsoft Outlook Web - Mail Attachments from Device and Personal One Drive | ms-office365 | File Inspection | Upload | 100 MB | Version 8673-7845; (Large file) 11.1.0 |
| Microsoft Power BI Web | web-browsing | File Inspection, Non-File Inspection | Upload | 100 MB | None |
| Microsoft PowerPoint Desktop | ms-powerpoint-online | File Inspection, Non-File Inspection | Download | 100 MB | 10.2.4 |
| Microsoft PowerPoint Web | ms-powerpoint-online | File Inspection, Non-File Inspection | Download | 100 MB | 10.2.4 |
| Microsoft SharePoint Desktop | office365-enterprise-access, sharepoint-online | File Inspection, Non-File Inspection | Upload, Download | 100 MB | None |
| Microsoft SharePoint Web | office365-enterprise-access, sharepoint-online | File Inspection, Non-File Inspection | Upload, Download | 100 MB | None |
| Microsoft Teams Desktop - Business | ms-office365, ms-teams | File Inspection, Non-File Inspection | Upload, Download | 10 MB (Upload); 100 MB (Download) | 10.2.3 |
| Microsoft Teams Desktop - Personal | ms-office365, ms-teams | Non-File Inspection | N/A | N/A | 10.2.3 |
| Microsoft Teams Web - Business | ms-office365, ms-teams | File Inspection, Non-File Inspection | Upload, Download | 10 MB (Upload); 100 MB (Download) | Version 8742-8215; Large File—PAN-OS 10.2.4 and later or 11.0.2 or later; Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later |
| Microsoft Teams Web - Personal | ms-office365, ms-teams | File Inspection, Non-File Inspection | Upload, Download | 100 MB | Version 8742-8215; Large File—PAN-OS 10.2.4 and later or 11.0.2 or later; Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later |
| Microsoft Word Desktop | ms-office365 | Non-File Inspection | N/A | N/A | 10.2.3 |
| Microsoft Word Web | ms-office365 | Non-File Inspection | N/A | N/A | 10.2.3 |
| Miro Web | realtimeboard | File Inspection | Upload | 30 MB | 10.2.3; Version 8756-8298 |
| Monday.com Web | monday | File Inspection | Upload | 20 MB | None |
| Naver Mail Web | naver-mail | File Inspection | Upload, Download | 100 MB | None |
| Naverworks | web-browsing | File Inspection | Upload | 20 MB | Version 8711-8058 |
| Pastebin Web | pastebin | Non-File Inspection | N/A | N/A | 10.2.3 |
| Pinterest | pinterest | Non-File Inspection | Upload, Download | N/A | N/A |
| Prezi Web | prezi | File Inspection | Upload | 20 MB | None |
| Quip | quip | File Inspection | Upload, Download | 100 MB | Version 8735-8187 |
| Quora | quora | Non-File Inspection | N/A | N/A | None |
| Reddit | reddit | File Inspection, Non-File Inspection | Upload | 20 MB | None |
| Salesforce Web | salesforce | File Inspection | Upload, Download | 100 MB | Version 8413 |
| ServiceNow Web | service-now | File Inspection, Non-File Inspection | Upload, Download | 100 MB | Version 8413 |
| Slack Desktop | slack | File Inspection, Non-File Inspection | Upload, Download | 100 MB | Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later |
| Slack Web | slack | File Inspection, Non-File Inspection | Upload, Download | 100 MB | Non-File—PAN-OS 10.2.3 and later or 11.0.0 or later |
| Smartsheet Web | smartsheet-web | Non-File Inspection | Upload | N/A | 10.2.3 or 11.0.0 |
| Splunk Web | web-browsing, splunk | File Inspection | Upload | 100 MB | None |
| Syncplicity Web | syncplicity | File Inspection | Upload | 20 MB | None |
| Trello Web | trello | File Inspection | Upload | 20 MB | None |
| Twitter Web | twitter | File Inspection, Non-File Inspection | Upload | 20 MB | None |
| Udemy Web | udemy-base, udemy-business | Non-File Inspection | Upload | N/A | 10.2.3 or 11.0.0 |
| Web Browsing | web-browsing | File Inspection, Non-File Inspection | Upload | 100 MB | None |
| Webex Desktop | webex | Non-File Inspection | Upload | N/A | Version 8735-8187 |
| Workday Web | workday | File Inspection | Upload, Download | 30 MB | Version 8702-8012 |
| Workplace by Facebook Web App | workplace | File Inspection | Upload | 20 MB | None |
| Yahoo Web App Mail Attachments | yahoo-mail-uploading | File Inspection, Non-File Inspection | Upload | 25 MB | Version 8413 |
| Yammer Web | yammer | File Inspection | Upload | 20 MB | None |
| Zendesk Web | zendesk | File Inspection, Non-File Inspection | Upload, Download | 50 MB | 10.2.3 or 11.0.0; (Upload) 10.2.5; Version 8757-8277 |
GenAI Apps
Generative artificial intelligence (GenAI) Applications supported by Enterprise Data Loss Prevention (E-DLP).
The following table displays the supported generative AI (GenAI) web apps
and operational parameters that you can use with Enterprise Data Loss Prevention (E-DLP).
All GenAI app support requires PAN-OS 10.2.3 or a later release.
All GenAI apps support only non-file inspection unless otherwise specified.
For App-IDs delivered through dynamic content updates, the App-ID refers to the
container App-ID for the GenAI app. Refer to the Palo Alto Networks Applipedia for the full list of child App-IDs.
| Application | App-ID | Content Version | ACE | Notes |
|---|---|---|---|---|
| Adobe Express | adobe-express | 8872-8848 | — | — |
| Adobe Firefly | adobe-firefly | 8872-8848 | — | — |
| Adrenaline AI | adrenaline-ai | — | √ | — |
| Aflorithmic | aflorithmic | — | √ | — |
| AI Chatting | ai-chatting | — | √ | — |
| AI Story Generator | ai-story-generator | — | √ | — |
| Aithor | aithor | — | √ | — |
| AI Tubo | ai-tubo | — | √ | — |
| AIVA | aiva-ai | — | √ | The 100 character prompt limit may lack sufficient context to trigger ML-based detections. |
| Artbreeder | artbreeder | — | √ | — |
| Artflow | artflow | — | √ | — |
| Artiphoria | artiphoria | — | √ | — |
| AskCodi | askcodi | — | √ | — |
| Bannerbear | bannerbear | — | √ | — |
| Beautiful.ai | beautiful | 8872-8848 | — | — |
| Bito AI | bito | 8872-8848 | — | — |
| Brainly | brainly-app | — | √ | — |
| Brandmark | brandmark | — | √ | — |
| Caktus | caktus | — | √ | — |
| Candy AI | candy-ai | — | √ | — |
| Casa de Sante AI Meal Planner | casa-de-sante-ai-meal-planner | — | √ | — |
| Charisma.ai | charisma.ai | — | √ | — |
| Chatai.com | chatai | — | √ | — |
| Chatbot | chatbot | 8872-8848 | — | — |
| ChatFAI | chatfai | — | √ | — |
| ChatHub | chathub.gg | — | √ | — |
| Chatsonic | chatsonic | 8792-8469 | — | — |
| Claude AI (Anthropic) | claude | 8872-8848 | — | — |
| Clipdrop | clipdropapp | — | √ | — |
| Clockwise | clockwise | 8872-8848 | — | — |
| Codium AI | codium-ai | 8872-8848 | — | — |
| Cody (Knowledge Management) | cody | — | √ | — |
| Cohere Coral Chat | cohere.ai | 8852 | — | — |
| ContentDetector.AI | contentdetector-ai | — | √ | — |
| Copy AI | copy.ai | 8872-8848 | — | — |
| CopyMonkey | copymonkey | — | √ | — |
| Course Hero | course-hero | — | √ | — |
| Decktopus | decktopus | — | √ | — |
| Deepgram | deepgram | — | √ | — |
| DeepL | deepl | 8732 | — | — |
| Describely | describely | — | √ | — |
| DreamTavern | dreamtavern | — | √ | — |
| Echowin | echowin | — | √ | — |
| EduAide | eduaide | — | √ | — |
| ElevenLabs | elevenlabs | 8872-8848 | — | — |
| Figma Figjam AI | figma-figjam-ai | 8852-8753 | — | — |
| Fireflies | fireflies.ai | 8904-9013 | — | — |
| Fliki | flikiapp | — | √ | — |
| Flyfin | flyfin | — | √ | — |
| Frase | frase | — | √ | — |
| GitHub Copilot | github-copilot | 8745-8229 | — | — |
| GitHub Copilot Business | github-copilot-business | 8745-8229 | — | — |
| GitHub Copilot Chat | github-copilot-chat | 8825-8649 | — | — |
| GitHub Copilot Chat Business | github-copilot-chat-business | 8825-8649 | — | — |
| Google Gemini (formerly Bard) | google-gemini | 8872-8848 | — | — |
| Groq Chat | groq-chat | — | √ | — |
| Hubspot AI | hubspot-ai | 8852 | — | — |
| Hugging Face API | huggingface | 8852 | — | — |
| Humanloop | humanloop | 8872-8848 | — | — |
| Hypotenuse AI | hypotenuse-ai | 8872-8848 | — | — |
| Kittl | kittl | — | √ | — |
| Krater | krater | — | √ | — |
| Krisp.ai | krisp | 8904-9013 | — | — |
| Leonardo AI | leonardo-ai | — | √ | — |
| Lex.page | lex.page | — | √ | — |
| MeetGeek | meetgeek | 8904-9013 | — | — |
| Microsoft Azure OpenAI | azure-openai-api, azure-openai-encrypted, azure-openai-studio | 8756 | — | — |
| Microsoft Power Apps | ms-powerapps | 8852-8753 | — | — |
| Murf | murf | 8872-8848 | — | When rendering a new model in your Murf.ai project, you must not select the Don't Split option. This option is not supported and prevents Enterprise DLP from inspecting traffic to Murf.ai. |
| Notion | notion | 8529 | — | — |
| OpenAI ChatGPT | openai-chatgpt | 8872-8848 | — | — |
| Phind | phind | — | √ | — |
| Pi | pi | — | √ | — |
| PlayHT | play.ht | 8872-8848 | — | — |
| poe | poe | — | √ | — |
| Prome AI | prome-ai | — | √ | — |
| Quickchat | quickchat | — | √ | — |
| Reclaim.AI | reclaim.ai | 8904-9013 | — | — |
| Regie AI | regie.ai | 8872-8848 | — | — |
| Replicate | replicate | 8872-8848 | — | — |
| Romantic AI | romantic-ai | — | √ | — |
| Runway | runway-app | 8872-8848 | — | — |
| Sana AI (Knowledge Management) | sanalabs | 8904-9013 | — | — |
| Sapling | sapling.ai | 8872-8848 | — | — |
| Sembly AI | sembly | 8872-8848 | — | — |
| Simplified | web-browsing | — | — | — |
| SourceGraph Cody | sourcegraph-cody | 8872-8848 | — | Only Cody web chat is supported |
| Staccato | staccato | — | √ | — |
| ThoughtSpot | thoughtspot | 8904-9013 | — | — |
| Typeface | typeface | — | √ | — |
| Voiceflow | voiceflow | 8872-8848 | — | — |
| Writesonic | writesonic | 8872-8848 | — | — |
| Zendesk AI | zendesk-ai | 8862-8796 | — | — |
File Types
File types supported by Enterprise Data Loss Prevention (E-DLP).
Enterprise Data Loss Prevention (E-DLP) supports the following file operations, upload parameters, file
types, and actions.
File Name Characters—File names up to 64 bytes in length are supported.
File Operations—You can upload and download files using HTTP and HTTPS (no
FTP or SMTP) using:
(DLP 3.0.1 and earlier releases) HTTP/1.1
Some applications, such as SharePoint and OneDrive, use HTTP/2 by
default. To inspect files from these applications over HTTP/1.1, you need to create a
decryption profile and a Security policy rule to strip out the
application-layer protocol negotiation (ALPN) extension in headers.
See enable Enterprise DLP for more information.
(DLP 3.0.2 and later releases) HTTP/1.1 and HTTP/2
File Size—The maximum supported file size is dependent on the application.
Review the supported applications for
more information.
Data Flow—File uploads and downloads are supported. Review the supported applications to
learn the data flow direction supported for each application.
Enterprise DLP doesn’t support maintaining a session connection to
continue inspection if a file download is paused. The DLP cloud service
inspection is terminated for the file if the download operation is
paused.
Concurrent File Uploads—25 concurrent file uploads are supported.
File Types—Enterprise DLP supports inspection of the following file
types.
Microsoft Office (.doc, .docx, .ppt, .pptx, .xls, .xlsx)
Microsoft Visio (.vsd, .vsdm, .vsdx)
Requires Application and Threats
content release 8656-7766 or later versions installed
on Panorama and managed firewalls, or Strata Cloud Manager deployment.
.csv
.pdf
.rtf
.tsv
.txt
Image File Types—Enterprise DLP supports extraction and inspection of
the following image file types using Optical Character Recognition
(OCR).
.jpg
.jpeg
.png
.tif
.tiff
Source Code File Formats—Enterprise DLP supports inspection of the
following source code file formats.
C family—C, C++, C+, C#, Objective C
Go
HTML
java
javascript
perl
powershell
python
r
ruby
vbs
verilog
vhdl
x86_assembly
ZIP Files—Enterprise DLP supports inspection of ZIP and 7Z (7-ZIP
file archiver) files containing the supported file types listed above.
Prisma Access and NGFW (Managed by Panorama or Strata Cloud Manager)—Up to four
levels of file compression are supported. The total file size for all
uncompressed files may not exceed the maximum supported file size
for each application.
Data Security—No maximum number of file compression
levels. The total file size for all uncompressed files may not
exceed the maximum supported file size for each application.
Response—Block and Alert actions are supported for HTTP and HTTPS files.
However, the Block page doesn’t display the name of the file that the managed
firewall blocked.
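The ZIP Files limits above can be checked ahead of time on files you control. The following is an added example, not Palo Alto Networks code: it walks a ZIP and its nested ZIPs and reports whether the archive stays within the four-level and maximum-size limits. It assumes "levels of file compression" means archive nesting depth with the outermost archive as level 1, reads MB as 2**20 bytes, counts Office Open XML files as documents rather than archives, and covers ZIP only (Python's standard library has no 7Z reader); `survey` and `build_nested_zip` are names made up for this example.

```python
import io
import zipfile
import zlib

MAX_LEVELS = 4            # from the page: NGFW and Prisma Access limit
MB = 1024 * 1024          # assumption: the page's "MB" read as 2**20 bytes
# Assumption: Office Open XML files are ZIP containers but count as documents.
OOXML = (".docx", ".xlsx", ".pptx", ".vsdx", ".vsdm")


def build_nested_zip(levels, payload=b"constructed sample data\n"):
    """Constructed sample input: payload.txt wrapped in `levels` ZIP layers."""
    name, data = "payload.txt", payload
    for n in range(levels, 0, -1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        name, data = f"level{n}.zip", buf.getvalue()
    return data


def survey(data, max_levels=MAX_LEVELS, max_bytes=100 * MB):
    """Walk a ZIP and its nested ZIPs without inflating more than max_bytes.

    Returns a dict with: levels (nesting depth reached, outermost = 1),
    total_bytes (uncompressed size of the non-archive members counted) and
    reasons (why the archive falls outside the limits; empty if it fits).
    """
    result = {"levels": 0, "total_bytes": 0, "reasons": []}

    def flag(reason):
        if reason not in result["reasons"]:
            result["reasons"].append(reason)

    def walk(blob, level):
        result["levels"] = max(result["levels"], level)
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Check the declared size before reading, so an oversized
                # member (such as a decompression bomb) is never inflated.
                if result["total_bytes"] + info.file_size > max_bytes:
                    result["total_bytes"] += info.file_size
                    flag("uncompressed size over limit")
                    return
                member = zf.read(info)
                nested = (not info.filename.lower().endswith(OOXML)
                          and zipfile.is_zipfile(io.BytesIO(member)))
                if not nested:
                    result["total_bytes"] += len(member)
                elif level >= max_levels:
                    # One more layer exists below the limit; do not descend.
                    result["levels"] = level + 1
                    flag("nesting deeper than limit")
                else:
                    walk(member, level + 1)

    try:
        walk(data, 1)
    except (zipfile.BadZipFile, RuntimeError, zlib.error):
        flag("archive could not be read")
    return result


if __name__ == "__main__":
    for depth in (4, 5):
        print(depth, survey(build_nested_zip(depth)))
    # 3 MB of constructed filler behind two layers, checked against 2 MB.
    print(survey(build_nested_zip(2, b"A" * (3 * MB)), max_bytes=2 * MB))
```

Pass the Max File Size of the target application as `max_bytes`, for example `20 * MB` for an application listed at 20 MB.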
Encoding Schemas
Encoding schemas supported by Enterprise Data Loss Prevention (E-DLP).
Enterprise DLP supports the following encoding schemas for supported file types.
Detection of encoding schemas for any DLP service relies on heuristically guessing
the character encoding of a series of bytes that represent text. As a result,
encoding schema detection is recognized as being inherently unreliable. This means
that Enterprise DLP may not be able to always detect encoded files. Palo Alto
Networks is continuously working on and improving Enterprise DLP's ability to
detect encoded file types to prevent exfiltration of sensitive data.
Base64
Big5
EUC-JP
EUC-KR
GB18030
IBM855
ISO-2022-CN
ISO-2022-JP
ISO-2022-KR
ISO-8859-1
ISO-8859-2
ISO-8859-3
ISO-8859-4
ISO-8859-5
ISO-8859-6
ISO-8859-7
ISO-8859-8
ISO-8859-9
ISO-8859-11
ISO-8859-12
ISO-8859-13
ISO-8859-15
KOI8-R
Shift_JIS
UTF-8
UTF-16BE
UTF-16LE
windows-1251
windows-1252
windows-1253
windows-1255
Detection Methods
Supported Enterprise Data Loss Prevention (E-DLP) detection methods to detect sensitive
data.
Review the list of Enterprise Data Loss Prevention (E-DLP) detection methods. Detection methods are
traffic match criteria techniques used by Enterprise DLP to inspect for and prevent
exfiltration of sensitive data. Detection methods can be added alongside any
combination of predefined, custom regex, or file property data patterns in an advanced data profile.
Upload custom documents containing intellectual property for which
you want to prevent exfiltration. Custom document types function as
traffic match criteria in advanced data profiles.
Advanced data profiles allow you to specify whether you want Enterprise DLP to detect all instances of traffic match
criteria or only unique instances of the traffic match criteria.
Data dictionaries are a collection of one or more keywords or phrases that you
want to detect and prevent from being exfiltrated. A data dictionary is added
as a match criteria alongside the other supported match criteria in
advanced and nested data profiles to
increase the Enterprise Data Loss Prevention (E-DLP) detection accuracy.
Upload data sets to detect sensitive and personally identifiable
information (PII) in structured data sources. EDM data sets function
as traffic match criteria in advanced data profiles.
Allows Enterprise DLP to inspect images containing sensitive
data in file-based traffic inspection.
√
Configured on Strata Cloud Manager
√
Features
Supported Enterprise Data Loss Prevention (E-DLP) features.
Review the list of supported Enterprise Data Loss Prevention (E-DLP) features.
Some Enterprise DLP features supported on NGFW (Managed by Panorama) and Prisma Access (Managed by Panorama) require access to Strata Cloud Manager to enable and configure.
See the supported data profile actions for Enterprise DLP
for more information on which data profile actions are supported.
Custom data profile that can include all functionality of classic data patterns, and advanced detection methods such as
Exact Data Matching (EDM) or custom document types.
Audit logs for a comprehensive history of the changes that occurred across Enterprise DLP. They maintain a history of when data patterns and data profiles are created, updated, or
deleted.
Provides quantifiable metrics to measure the overall data risk for your
organization and gives administrators the ability to analyze and take preventative
action to strengthen your data risk security posture using the Data Risk
Dashboard.
Enterprise DLP performs inline inspection of outbound emails to prevent
exfiltration of emails containing sensitive information using AI/ML powered data
detections.
Use Endpoint DLP to prevent exfiltration of sensitive data to peripheral devices
such as USB devices, printers, and network shares, or to control access to them.
Integrate Enterprise DLP with Cortex XSOAR to use Enterprise DLP
End User Alerting, granting your team members the ability to self-service temporary
exemptions for file uploads that match your data profiles.
Use the Enterprise Data Loss Prevention (E-DLP) Migrator to migrate your Symantec DLP policy rules
and convert them into SaaS Security policy rules. This allows you to
quickly transition to Palo Alto Networks Enterprise DLP without the need to
manually recreate all your Security policy rules designed to prevent exfiltration of
sensitive data.
Connect an AWS storage bucket, Azure storage bucket, or SFTP server to Enterprise DLP to automatically store files scanned by the DLP cloud service that
match your data profiles. After a file is successfully stored, you can download the
file for further investigation.
Monitor sharing of sensitive passwords over chat-based applications. Enterprise DLP uses contextual messages to understand instances where a password
might have been shared. When Enterprise DLP detects that a password was shared,
a DLP Incident is generated that displays a snippet of the response containing the
password.
Custom data profile that contains multiple nested data profiles that allows you to
consolidate the match criteria to prevent exfiltration of sensitive data to a single
data profile that can be used in a single Security policy rule.
Configure Enterprise DLP data profiles to inspect non-file based traffic to
prevent exfiltration of sensitive data through collaboration applications, web forms,
Cloud applications, and social media.
Report false positive detections to Palo Alto Networks to improve Enterprise DLP detection accuracy for yourself and other Enterprise DLP
users. False positive detections are reported against the DLP Incident where the
false positive detection occurred.
Create a Log Forwarding profile to automatically forward Enterprise Data Loss Prevention (E-DLP)
incident syslogs to your third-party security information and event management (SIEM),
Security Orchestration, Automation, and Response (SOAR), or other automated ticketing systems.
This enables your SOC Analysts and Incident admins to effectively triage, review, and
resolve data security risks that occur in your organization.
Test the efficacy of your Enterprise Data Loss Prevention (E-DLP) data profiles before adding them
to your Security policy rule and pushing to your production NGFW and
Prisma Access tenants. This allows you to validate your data profiles against
a file containing known sensitive data to ensure accurate detection by Enterprise DLP.
√
Configured on Strata Cloud Manager
√
Double Byte Characters
Enterprise Data Loss Prevention (E-DLP) supports detection of sensitive data in Chinese, Japanese,
and Korean (CJK) double byte characters.
Enterprise Data Loss Prevention (E-DLP) supports detection of sensitive data for the following double
byte character set languages:
Chinese (simplified)
Chinese (traditional)
Korean
Japanese
Review the table below to learn more about which Enterprise DLP enforcement
channels, file types, and detection methods support and don't support double byte
characters.
(SaaS Security API and Inline) Regex data
patterns for PDF files
For example, Enterprise DLP can inspect and block an outbound email if sensitive
data is written in double byte plaintext characters directly in the email subject or
body. However, Enterprise DLP can't inspect and block an outbound email if sensitive
data is written in double byte plaintext characters in a document meant to be detected
with a custom document type.
Non-File Based Traffic
Enterprise Data Loss Prevention (E-DLP) supports inspection of non-file based traffic.
Enterprise Data Loss Prevention (E-DLP) supports inspection of non-file based traffic for sensitive
data. A data filtering profile configured for non-file based traffic detection allows
you to configure URL and application exclusion lists to exclude specific URL and
application traffic from Enterprise DLP inspection.
On the Panorama™ management server, each data profile you create can be configured to
inspect for either file based traffic or for non-file based traffic, or for both. On Strata Cloud Manager, you need to enable non-file based DLP inspection. After you enable this setting on
Strata Cloud Manager you can modify a DLP rule to inspect for either file
based traffic or for non-file based traffic, or for both.
Inspection of non-file based traffic is supported on Panorama running
PAN-OS 10.2.1 and later releases and Enterprise DLP plugin 3.0.1 and later
releases.
To upgrade to PAN-OS 10.2.1, you must install Application and Threats content release
version 8552-7333 or later version on Panorama and managed
firewalls using Enterprise DLP. This is required to support non-file based
traffic inspection.