Download Files for Evidence Analysis

Download files that match your Enterprise Data Loss Prevention (DLP) data filtering profiles.
After you successfully Set Up Cloud Storage to Save Evidence to store files that match your Enterprise Data Loss Prevention (DLP) data filtering profiles, you can download to your local device any files scanned by the DLP cloud service to allow for in-depth investigation.
Files scanned by the DLP cloud service while the DLP app is disconnected from your storage bucket are not stored in your S3 bucket. This means that all impacted files are not available for download. However, all snippet data is preserved and can still be viewed on the DLP app on the hub.
  1. The files available to download are only files scanned by the DLP cloud service after you successfully connected the DLP app on the hub to your storage bucket.
  2. Log in to the DLP app on the hub.
    If you do not already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
  3. Select
    Reports
    and enter a Report ID to
    Search
    .
    • For Prisma Access users leveraging Enterprise DLP, log in to the Amazon AWS console and access the S3 storage bucket you connected. The object Name is the Report ID.
    • For Panorama users, log in to the Panorama web interface and select
      Monitor
      Logs
      Data Filtering
      and
      Filter
      the data filtering logs by entering
      ( subtype eq dlp )
      . Locate the
      Report ID
      column to obtain the Report ID for the report you want to download.
  4. Review report summary and click the download button to download the file to your device.

Recommended For You