Web Form Data Inspection for Enterprise Data Loss Prevention

Inspect non-file based traffic for sensitive data when leveraging Enterprise data loss prevention (DLP).
Enterprise data loss prevention (DLP) now supports inspection of non-file based traffic to prevent exfiltration of sensitive information in data exchanged in collaboration applications, web forms, cloud applications, custom applications, and social media.
Managed firewalls leveraging Enterprise DLP send all non-file based traffic that matches data filtering profile criteria to the DLP cloud service to render a verdict. You can use URL categories and application filters to determine which application traffic is excluded from inspection. Enterprise DLP includes a predefined DLP App Exclusion Filter application filter containing common applications that cannot be inspected or do not require inspection. You can leverage the predefined application filter or create a custom application filter to specify applications to exclude from inspection. You can modify existing data filtering profiles to scan both file based and non-file based traffic. Inspection of non-file based traffic is supported on Panorama, Prisma Access (Panorama Managed), and Prisma Access (Cloud Managed).
Enterprise DLP supports inspection of non-file based traffic of sensitive data for the following HTTP content types:
  • JSON
  • URL encoded form
  • Multipurpose Internet Mail Extensions (MIME)
Web form inspection for non-file based traffic is supported only for the HTTP/1.x network protocol. Web form inspection for non-file based traffic is not supported for the HTTP/2 network protocol.
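As an added illustration (not Palo Alto Networks' implementation), the following Python models the scoping rules above: the HTTP/1.x requirement, the three supported content types, and the URL category and application filter exclusions attached to a data filtering profile, and then decodes each supported body format into the text values a Primary Pattern would be matched against. The exclusion names, the 16-digit pattern and the sample request bodies are constructed assumptions.

```python
import json
import re
from email import message_from_bytes
from email.policy import default as email_policy
from urllib.parse import parse_qs
# Constructed stand-ins for a URL category and an application filter the data
# filtering profile excludes (assumed names, not the predefined exclusion filter).
EXCLUDED_URL_CATEGORIES = {"internal-tools"}
EXCLUDED_APPS = {"chat-app-excluded"}
PRIMARY_PATTERN = re.compile(r"\b\d{16}\b")  # constructed stand-in for a Primary Pattern

def in_scope(http_version, content_type, url_category, app_id):
    """Would this request body be sent to the DLP cloud service for a verdict?"""
    if not http_version.upper().startswith("HTTP/1."):
        return False  # web form inspection is HTTP/1.x only; HTTP/2 is not inspected
    if url_category in EXCLUDED_URL_CATEGORIES or app_id in EXCLUDED_APPS:
        return False  # excluded via the profile's URL Category / Application List
    bt = content_type.split(";")[0].strip().lower()  # media type without parameters
    return bt in ("application/json", "application/x-www-form-urlencoded") or bt.startswith("multipart/")

def text_fields(content_type, body):
    """Decode a supported body into the text values a pattern is matched against."""
    bt = content_type.split(";")[0].strip().lower()
    if bt == "application/json":
        out = []
        def walk(v):  # flatten nested objects/arrays down to scalar values
            if isinstance(v, dict):
                for x in v.values(): walk(x)
            elif isinstance(v, list):
                for x in v: walk(x)
            else:
                out.append(str(v))
        walk(json.loads(body))
        return out
    if bt == "application/x-www-form-urlencoded":
        return [v for vals in parse_qs(body.decode()).values() for v in vals]
    if bt.startswith("multipart/"):
        # Prepend a MIME header so the stdlib parser splits the parts; skip file uploads
        # (parts with a filename), which belong to file-based inspection instead.
        msg = message_from_bytes(b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body,
                                 policy=email_policy)
        return [p.get_content() for p in msg.iter_parts()
                if p.get_content_type() == "text/plain" and p.get_filename() is None]
    return []

def matching_fields(http_version, content_type, body, url_category="unknown", app_id="web-browsing"):
    """Fields hitting the pattern, or [] when the request would not be inspected at all."""
    if not in_scope(http_version, content_type, url_category, app_id):
        return []
    return [f for f in text_fields(content_type, body) if PRIMARY_PATTERN.search(f)]
```

Note that an HTTP/2 request carrying the same form body returns no hits, which is the gap to keep in mind when a client negotiates HTTP/2 end to end.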
The steps below describe how to configure web form inspection for Enterprise DLP on Panorama and Prisma Access (Panorama Managed).
  1. (Optional) Create a custom URL category for URL or domain traffic you do not want to send to the DLP cloud service for inspection.
  2. (Optional) Create a custom application filter for application traffic you do not want to send to the DLP cloud service for inspection.
    1. Select Objects > Application Filters and Add a new application filter.
      You can also select and Clone the predefined DLP App Exclusion Filter to create a custom application filter.
    2. Check (enable) Shared.
    3. Configure the application filter as needed.
      See Create an Application Filter for more information.
    4. Click OK.
    5. Select Commit and Commit to Panorama.
  3. Create a data filtering profile to inspect non-file based traffic.
    See Create a Data Filtering Profile on Panorama for additional details on creating a data filtering profile.
    1. Select Objects > DLP > Data Filtering Profile and Add a data filtering profile.
    2. Enter a descriptive Name for the data filtering profile.
    3. For Non-File Based, select Yes.
    4. Enable (check) Shared.
    5. Add the Primary Pattern and Secondary Pattern match criteria as needed.
    6. (Optional) Select URL Category and Add a URL category to exclude from inspection.
    7. Select Application List and Add an application list to exclude from inspection.
      At least one application filter is required to successfully create a data filtering profile for non-file based traffic.
    8. Configure the Action.
    9. Configure the Log Severity.
    10. Click OK.
  4. Attach the data filtering profile to a Security policy rule.
    1. Select Policies > Security and specify the Device Group.
    2. Select the Security policy rule to which you want to add the data filtering profile.
    3. Select Actions and set the Profile Type to Profiles.
    4. Select the Data Filtering profile you created previously.
    5. Click OK to save your
  5. Commit and push your configuration changes to your managed firewalls that are leveraging Enterprise DLP.
    The Commit and Push command is not recommended for Enterprise DLP configuration changes. Using the Commit and Push command requires the additional and unnecessary overhead of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
    1. Select Commit > Commit to Panorama and Commit.
    2. Select Commit > Push to Devices and Edit Selections.
    3. Select Device Groups and Include Device and Network Templates.
    4. Click OK.
    5. Push your configuration changes to your managed firewalls that are leveraging Enterprise DLP.