Predefined Data Filtering Patterns (Strata Cloud Manager)

Use data filtering to prevent common types of sensitive information, like credit cards and social security numbers, from leaving your network.
You can find predefined data patterns by selecting Configuration > NGFW and Prisma Access > Data Loss Prevention > Detection Methods > Data Patterns.
The following is a list of available data patterns:
| Pattern | Description |
|---|---|
| Credit Card Numbers | 16-digit credit card numbers |
| Social Security Numbers | 9-digit social security numbers with dashes |
| Social Security Numbers (without dash separator) | 9-digit social security numbers without dashes |
| ABA Routing Number | The American Banking Association Routing Number |
| AHV Identification Number | Swiss Alters und Hinterlassenenversicherungsnummer |
| Codice Fiscale Identification Number | Italian Fiscal Tax Code Card Identification Number |
| CorporateNumber Identification Number | Japanese National Tax Agency Corporate Number |
| CUSIP Identification Number | Committee on Uniform Security Identification Procedures Identification Number |
| DEA Registration Number | U.S. Drug Enforcement Administration Registration Number |
| DNI Identification Number | Spanish Documento nacional de identidad Identification Number |
| HK Identification Number | Hong Kong Residents Identification Number |
| INSEE Identification Number | French National Institute of Statistics and Economic Studies identification number |
| IRD Identification Number | New Zealand Internal Revenue Department Identification Number |
| MyKad Identification Number | Malaysia MyKad Identity Card Identification Number |
| MyNumber Identification Number | Japanese Social Security and Tax Number System Identification Number |
| NHI Identification Number | New Zealand National Health Index Number |
| NIF Identification Number | Spanish Tax Identification Number |
| NIN Identification Number | Taiwan Identification Card Number |
| NRIC Identification Number | Singapore National Registration Identity Card Identification Number |
| Permanent Account Identification Number | India Permanent Account Number of Indian nationals |
| PRC Identification Number | People's Republic of China Resident Identification Number |
| PRN Identification Number | Republic of South Korea Resident Registration Number |
| Republic of South Korea Resident Registration | Republic of South Korea Resident Registration Number |

Configure Legacy Data Filtering in Strata Cloud Manager

Legacy Data Filtering in Strata Cloud Manager is a security mechanism that identifies and controls sensitive data within your network traffic. It uses configurable Data Filtering Profiles and Data Patterns to enforce data security policies in your environment. This capability defines the criteria for detecting and managing the flow of sensitive information, such as personally identifiable information (PII) or confidential documents, across your network.
Legacy Data Filtering allows you to centrally manage and deploy data filtering policies within Strata Cloud Manager, which addresses previous limitations in configuring these data security elements directly. This enhances your organization's ability to protect sensitive data and helps you comply with regulatory requirements across your managed network infrastructure.
The feature combines Data Patterns with Data Filtering Profiles. Data Patterns define sensitive data characteristics, while Data Filtering Profiles specify actions upon detection. You create Data Patterns to identify specific information, then group them into Data Filtering Profiles. These profiles attach to your security policy rules.
When traffic matches a policy rule with an associated profile, the system inspects it against the defined patterns and enforces the profile's actions in your network.
Data Patterns are fundamental building blocks for identifying sensitive data in your network traffic. They define specific detection criteria. These patterns are inheritable. You configure them at a higher folder level, and they become available to all nested folders in your environment.
Three types of Data Patterns are available:
  • Predefined Patterns – Identify common sensitive data types with a system-defined name, description, and file types.
  • Regular Expression (Regex) Patterns – Use custom regular expressions for specific data identification. These require a name, file type, and the expression.
  • File Properties Patterns – Detect data based on file metadata. These include a name, description, file type, file property, and its value.
Data Filtering Profiles serve as containers grouping multiple Data Patterns. They define actions when patterns match within traffic.
These profiles encapsulate complete detection and enforcement rules for a specific data security objective in your network.
Data Filtering Profiles are defined by:
  • A unique name and description.
  • Associated Data Patterns.
  • Specific applications and file types for inspection.
  • Traffic direction (inbound, outbound, or both).
  • An alert threshold and a block threshold.
  • Log severity for events.
Like Data Patterns, Data Filtering Profiles are inheritable. This allows for central management and consistent application across your network.
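The following added example (not Palo Alto Networks code) models how a profile combines patterns, direction, and thresholds, so a custom regex can be tried against constructed samples before it is deployed. It assumes each threshold is a count of pattern matches in the inspected content and uses Python regex syntax, which may differ from what Strata Cloud Manager accepts; the two regexes and the PatternRule and evaluate names are hypothetical stand-ins, not the predefined patterns' actual logic.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class PatternRule:
    name: str
    regex: str
    direction: str        # "upload", "download" or "both"
    alert_threshold: int  # assumed: match count that raises an alert
    block_threshold: int  # assumed: match count that blocks the transfer
    log_severity: str

# Constructed stand-ins for two predefined patterns, not the product's logic.
PROFILE = [
    PatternRule("Social Security Numbers", r"\b\d{3}-\d{2}-\d{4}\b",
                "upload", 1, 3, "high"),
    PatternRule("Credit Card Numbers", r"\b(?:\d{4}[ -]?){3}\d{4}\b",
                "both", 1, 2, "critical"),
]

RANK = {"allow": 0, "alert": 1, "block": 2}

def evaluate(profile, payload, direction):
    """Return (verdict, events); verdict is 'allow', 'alert' or 'block'."""
    verdict, events = "allow", []
    for rule in profile:
        if rule.direction not in ("both", direction):
            continue  # this rule does not inspect traffic in this direction
        hits = len(re.findall(rule.regex, payload))
        if hits >= rule.block_threshold:
            action = "block"
        elif hits >= rule.alert_threshold:
            action = "alert"
        else:
            continue  # below both thresholds: no event is logged
        events.append((rule.name, hits, action, rule.log_severity))
        if RANK[action] > RANK[verdict]:
            verdict = action
    return verdict, events

# Constructed sample payloads; none of the identifiers are real.
ONE_SSN = "Employee record: SSN 000-12-3456, dept 42"
THREE_SSN = "000-12-3456\n900-11-2222\n999-00-0000\n"
CARDS = "cards: 4111 1111 1111 1111 and 5500-0000-0000-0004"
NEAR_MISS = "order 12345-67-89012 phone 555-0100"

if __name__ == "__main__":
    for sample in (ONE_SSN, THREE_SSN, CARDS, NEAR_MISS):
        print(evaluate(PROFILE, sample, "upload"))
```

The NEAR_MISS sample is the kind of negative case worth keeping in a regex test set: digit runs that resemble an identifier but must not count toward a threshold.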
Use the information in this section to configure data filtering using Strata Cloud Manager (SCM).
If your Tenant Service Group (TSG) is activated with an Enterprise DLP license, the Data Filtering section within Security Services is read-only. You retain the option to delete existing profiles and data patterns from this read-only view. In this scenario, you are guided to the Enterprise DLP page for defining data profiles.
Create Data Patterns
  1. Log into Strata Cloud Manager.
  2. Navigate to Security Services > Data Filtering.
  3. Select the Data Patterns tab.
  4. Create a new data pattern. Select Add. Configure the data pattern based on its type:
    • For predefined patterns:
      • Select a Name from the predefined drop-down list.
      • Review the automatically populated Description.
      • Select the applicable File Type (any or multi-select).
    • For Regular Expression Patterns:
      • Enter a descriptive Name.
      • Select the applicable File Type (any or multi-select).
      • Enter the validated regular expression in the Data Pattern field.
    • For File Properties-based Patterns:
      • Enter a descriptive Name.
      • Enter a Description.
      • Select a single File Type.
      • Select a File Property based on the chosen File Type.
      • Enter the Property Value to match.
  5. Save the new data pattern.
Create Data Filtering Profiles
  1. Navigate to Security Services > Data Filtering.
  2. Select the Data Filtering Profiles tab.
  3. Create a new data filtering profile. Select Add. Configure the data filtering profile based on its type:
      1. Enter a descriptive Name for the profile.
      2. Enter a Description for the profile.
      3. Configure the Data Patterns to include in this profile. Select Add within the Data Patterns section. For each data pattern, configure the following:
        • Select an existing Data Pattern object or Create New.
        • Select the applicable Applications (any or multi-select).
        • Select the applicable File Type (any or multi-select).
        • Select the Direction of traffic to inspect (upload, download, or both).
        • Set the Alert Threshold.
        • Set the Block Threshold.
        • Select the Log Severity for events generated by this pattern.
  4. Save the new data filtering profile.

Apply Data Filtering Profiles to Security Policy Rules

Use this procedure to apply data filtering profiles to security policy rules:
  1. Navigate to Policies > Security.
  2. Locate and edit the security policy rule to which you want to apply data filtering:
    • Select the desired security policy rule.
    • Select Edit.
  3. Attach the data filtering profile to the security policy rule.
  4. Select the Actions tab.
  5. Under Security Profile Group, select Add.
  6. Select the desired Data Filtering Profile from the available list. If your TSG is not activated with an Enterprise DLP license, the existing "Data loss Prevention profile" displays as "Data Filtering Profile", and all defined data filtering profiles are available for selection.
  7. Select OK to confirm changes to the security policy rule.
  8. Commit the changes to apply them to your managed devices.