Enterprise DLP
Predefined Data Pattern Keywords
Table of Contents
Predefined Data Pattern Keywords
Review the proximity keywords and other importation information for predefined data
patterns included with Enterprise Data Loss Prevention (E-DLP).
On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP
addresses to improve performance and expand availability for these services
globally.
You must allow these new service IP addresses on your network
to avoid disruptions for these services. Review the Enterprise DLP
Release Notes for more
information.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
Review the proximity keywords and other important information for predefined data
patterns included with Enterprise Data Loss Prevention (E-DLP). You use predefined data patterns in
your data profiles to specify how you want to
enforce the sensitive content that you’re filtering. Predefined data profiles have predefined data
patterns that include industry-standard data identifiers, keywords, and built-in logic
in the form of machine learning, regular expressions, and checksums.
Palo Alto Networks introduced the new regionalized proximity keywords in
February 2025 for the predefined data patterns
listed in this reference guide and Palo Alto Networks automatically updates the
keywords configured in these predefined data patterns. If you added any of these
predefined keywords to a data profile before February
2025, you must push your Enterprise DLP configuration to
your NGFW and Prisma Access tenants to begin using them to match
sensitive data.
- Full configuration push from Panorama
- Select and Commit.
- Select and Edit Selections.
- Select Device Groups and Include Device and Network Templates.
- Click OK.
- Push your configuration changes to your managed firewalls that are using Enterprise DLP.
- Partial configuration push from PanoramaYou must always include the temporary __dlp administrator when performing a partial configuration push. This is required to keep Panorama and the DLP cloud service in sync.For example, you have an admin Panorama admin user who is allowed to commit and push configuration changes. The admin user made changes to the Enterprise DLP configuration and only wants to commit and push these changes to managed firewalls. In this case, the admin user is required to also select the __dlp user in the partial commit and push operations.
- Select .
- Select Commit Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial commit.In this example, the admin user is currently logged in and performing the commit operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.Click OK to continue.
![]()
- Commit.
- Select .
- Select Push Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial push.In this example, the admin user is currently logged in and performing the push operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.Click OK to continue.
![]()
- Select Device Groups and Include Device and Network Templates.
- Click OK.
- Push your configuration changes to your managed firewalls that are using Enterprise DLP.
