Create a Data Filtering Profile

Create a data filtering profile for DLP on Prisma Access.
Use a data filtering profile to add data patterns and specify matches and confidence levels.
  1. Select Objects > Security Profiles > Data Filtering.
    Select the correct Device Group from the drop-down list (either Mobile_User_Device_Group for remote networks or Remote_Network_Device_Group for mobile users).
  2. Add a data filtering profile and give it a Name.
  3. (Optional) Change the pattern options.
    • If you select Basic options, enter the following information:
      • Primary Pattern
        Add one or more patterns to specify as the match criteria.
        If you specify more than one data pattern, Prisma Access uses a boolean OR match in the match criteria.
        If you created a data pattern, be sure to add it.
      • Match—Select whether the pattern you specify should match (include) or not match (exclude) the specified criteria.
      • Operator—Select an Operator to use with the Threshold parameter. Specify Any to ignore the threshold.
      • Threshold—Specify a value to use with the Operator you specify.
        For example, to match a pattern that appears 3 times or more in a file, select an Operator of more_than_or_equal_to and a Threshold of 3.
      • Confidence—Use this with the proximity keywords you specified in the data pattern you created. Specifying a Confidence of Low means that Prisma Access does not use proximity keywords. Specifying a Confidence of High means that Prisma Access looks for the proximity keywords in the pattern within 200 characters of the regular expressions in the pattern before it considers the data pattern in a file to be a match.
    • If you select Advanced options, create expressions by dragging and dropping data patterns, Confidence levels, Operators, and Occurrence values into the field in the center of the page.
      Specify the values in the order that they are shown in the following screenshot (data pattern, Confidence, and Operator or Occurrence values).
      [Screenshot: dlp-data-filtering-advanced.png]
  4. Select an Action (Alert or Block) to perform on the file.
    You can create a profile with both Alert and Block actions; to do so, create the primary pattern with an Alert action and a secondary pattern with a Block action as shown in Step 8.
  5. Specify a File Type.
    Leave the file type as any to match any of the supported file types.
  6. Select a Direction of upload.
    Downloads are not supported.
  7. (Optional) Set the Log Severity recorded for files that match this rule.
    The default severity is Informational.
  8. (Optional) Create a secondary pattern for this data filtering profile with a different action (alert and block mode).
    You can attach one data filtering profile per security policy rule. To create both Alert and Block actions for a security policy rule, create a primary pattern with an Alert action and a secondary pattern with a Block action.
    You must specify a Primary Pattern with an Action of Alert and a Secondary Pattern with an Action of Block to use alert and block mode.
    1. Create a data filtering profile with an Action of Alert.
    2. Select Add Second Data Pattern Match.
    3. Specify an Action of Block for the secondary pattern and Add more data patterns and match criteria.
  9. Click OK to save the data filtering profile.
  10. (Optional) Modify the response page that displays when Prisma Access blocks a file.
    When Prisma Access blocks a file, it sends text to the browser of the user who requested the file, informing them that the file has been blocked. You can change the text of this page by completing the following steps.
    1. Select Device > Response Pages > Data Filtering Block Page.
    2. Select Shared, then select Export to download the data-filter-block-page.txt file.
      Leave the Data Filtering Block Page open; you upload the file after you edit it.
    3. Open the .txt file in a text editor and edit the text that displays in the Block page.
    4. In Panorama, Import the data-filter-block-page.txt file you just edited.
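
The Basic match options in step 3 (boolean OR across patterns, Operator and Threshold, Confidence with the 200-character proximity window) can be modeled offline to check how a pattern behaves on sample files before you attach the profile. This is an added example, not Palo Alto Networks code: the function names, the sample patterns and documents, and the reading of Any as "at least one occurrence" are assumptions, and the include/exclude Match option is not modeled.

```python
import re

PROXIMITY_WINDOW = 200  # characters, from the Confidence description in step 3

# Constructed sample data patterns: a regex plus its proximity keywords.
SSN = {"regex": r"\b\d{3}-\d{2}-\d{4}\b", "keywords": ["ssn", "social security"]}
MARKING = {"regex": r"(?i)\bconfidential\b", "keywords": []}

# Constructed sample documents.
DOC_HR = "SSN 123-45-6789; SSN 234-56-7890; SSN 345-67-8901"
DOC_PARTS = "Part 123-45-6789, part 234-56-7890, part 345-67-8901"

def count_matches(text, regex, keywords, confidence):
    """Count regex hits. At 'high' confidence a hit counts only when a
    proximity keyword appears within PROXIMITY_WINDOW characters of it;
    at 'low' confidence proximity keywords are ignored."""
    lowered = text.lower()
    hits = 0
    for m in re.finditer(regex, text):
        if confidence == "low":
            hits += 1
            continue
        lo = max(0, m.start() - PROXIMITY_WINDOW)
        window = lowered[lo:m.end() + PROXIMITY_WINDOW]
        if any(k.lower() in window for k in keywords):
            hits += 1
    return hits

def pattern_matches(text, pattern, operator, threshold, confidence):
    """Apply the Operator/Threshold pair to one pattern's occurrence count."""
    n = count_matches(text, pattern["regex"], pattern["keywords"], confidence)
    if operator == "any":  # threshold ignored (assumed: one hit is enough)
        return n > 0
    if operator == "more_than_or_equal_to":
        return n >= threshold
    raise ValueError(f"operator not modeled: {operator}")

def profile_matches(text, patterns, operator="any", threshold=0, confidence="low"):
    """Several primary patterns combine with a boolean OR."""
    return any(pattern_matches(text, p, operator, threshold, confidence)
               for p in patterns)

if __name__ == "__main__":
    for name, doc in (("hr", DOC_HR), ("parts", DOC_PARTS)):
        for conf in ("low", "high"):
            hit = profile_matches(doc, [SSN], "more_than_or_equal_to", 3, conf)
            print(f"{name:5} confidence={conf:4} match={hit}")
```

The part-number document matches at Low confidence but not at High, which is the false-positive reduction the Confidence setting is meant to give.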
