Create a Data Filtering Profile

Create a data filtering profile for the Enterprise Data Loss Prevention (DLP) on the Panorama™ management server.
Create a data filtering profile to add multiple data patterns and specify matches and confidence levels. All predefined and custom data filtering profiles are available across all device groups.
When creating a data filtering profile using predefined data patterns, consider the detection type used by the predefined data patterns as this determines how Enterprise DLP arrives at a verdict for scanned files. For example, when you create data filtering profile that includes three machine learning based data patterns and 7 regex based data patterns, Enterprise DLP returns a verdict based on the 7 regex based patterns if the file scanned exceeds 1MB.
  1. (
    Optional
    ) Create one or more data patterns.
  2. Select
    Objects
    DLP
    DLP Data Filters
    and specify the
    Device Group
    .
  3. Add
    a new data filtering profile.
  4. Configure the primary pattern for the data filtering profile.
    • If you select the
      Basic
      option, configure the following:
      • Primary Pattern
        Add
        one or more data patterns to specify as the match criteria.
        If you specify more than one data pattern, the managed firewall uses a boolean OR match in the match criteria.
      • Match
        —Select whether the pattern you specify should match (
        include
        ) or not match (
        exclude
        ) the specified criteria.
      • Operator
        —Select an Operator to use with the
        Threshold
        parameter. Specify
        Any
        to ignore the threshold.
      • Threshold
        —Specify a value to use with the
        Operator
        you specify.
        For example, to match a pattern that appears 3 times or more in a file, select an
        Operator
        of
        more_than_or_equal_to
        and a
        Threshold
        of
        3
        .
      • Confidence
        —Use this with the proximity keywords you specified in the data pattern you created. Specifying a Confidence of
        Low
        means that the managed firewall does not use proximity keywords. Specifying a Confidence of
        High
        means that the managed firewall looks for the proximity keywords in the pattern within 200 characters of the regular expressions in the pattern before it considers the data pattern in a file to be a match.
      dlp-plugin-data-filtering-profile.png
    • If you select the
      Advanced
      option, create expressions by dragging and dropping data patterns,
      Confidence
      levels,
      Operators
      , and
      Occurrence
      values into the field in the center of the page.
      Specify the values in the order that they are shown in the following screenshot (data pattern,
      Confidence
      , and
      Operator
      or
      Occurrence
      values).
    dlp-plugin-data-filtering-profile-advanced.png
  5. Select an
    Action
    (
    Alert
    or
    Block
    ) to perform on the file.
  6. Specify a
    File Type
    .
    Leave the file type as
    any
    to match any of the supported file types.
  7. Select a
    Direction
    of
    upload
    .
    Downloads are not supported.
  8. (
    Optional
    ) Set the
    Log Severity
    recorded for files that match this rule.
    The default severity is
    Informational
    .
  9. Click
    OK
    to save your configuration changes.
  10. Attach the data filtering profile to a Security policy rule.
    1. Select
      Policies
      Security
      and specify the
      Device Group
      .
    2. Select the Security policy rule to which you want to add the data filtering profile.
    3. Select
      Actions
      and set the
      Profile Type
      to
      Profiles
      .
    4. Select the
      Data Filtering
      profile you previously created.
    5. Click
      OK
      to save your configuration changes.
  11. Commit and push your configuration changes to your managed firewalls leveraging Enterprise DLP.
    While a performing a
    Commit and Push
    is supported, it is not recommended for Enterprise DLP configuration changes and requires you to manually select the impacted templates and managed firewalls in the Push Scope Selection.
    1. Select
      Commit
      Commit to Panorama
      and
      Commit
      your configuration changes.
    2. Select
      Commit
      Push to Devices
      and
      Edit Selections
      .
    3. Select
      Device Groups
      and
      Include Device and Network Templates
      .
    4. Click
      OK
      .
    5. Push
      your configuration changes to your managed firewalls.

Recommended For You