Use Data Policies to Scan for Data Exposure or Malware
Prisma Cloud includes default data policies to help you start scanning. These policies use predefined data profiles and data patterns to detect malware and to flag inadvertent or malicious exposure of sensitive data. You can also create custom data policies whose data patterns and proximity keywords are tuned to the data leaks that matter to your organization. When data policies are enabled, Prisma Cloud detects malware and shows you how your data is exposed, but it does not alert on its own: to generate alerts, you must create an alert rule and include the data policies you want alerts for.
Add a New Data Profile to Prisma Cloud
A Data Profile is a collection of Data Patterns that you use to scan for sensitive data in your cloud resources. You can use any of the predefined Data Profiles or create a custom one. A custom data profile can combine predefined and custom Data Patterns to fit your content scanning use cases.
- Select Settings > Data > Data Profile.
- Click + Add New and enter a Data Profile Name and an optional Data Profile Description.
- Select data patterns. Select at least one Data Pattern and adjust the following thresholds for content matching:
- Match: whether the Data Pattern is included in or excluded from the Data Profile. Default is Includes.
- Occurrence: the conditional logic applied to the number of pattern occurrences: any, More than or equal to, Less than or equal to, or Between. Default is More than or equal to.
- Min: the minimum number of occurrences needed to trigger a match.
- Max: the upper bound on occurrences; only applicable when the occurrence type is Between.
- Confidence: the content analysis technique used to identify content, rated Low or High. Low Confidence: a low confidence match looks at the specified pattern only, using techniques such as regular expressions, machine learning, and checksums to identify the content. High Confidence: a high confidence match additionally requires proximity keywords within 200 characters on either side of the match.
- Click Next to review, then Save the data profile. Data profiles are Enabled by default and can be used in a data policy. To stop scanning with a profile, toggle its icon to disable it.
Add a New Data Pattern in Prisma Cloud
Data Patterns are the entities used to scan files or objects for sensitive content. Prisma Cloud supports over 600 predefined Data Patterns, such as API Credentials Client ID, Healthcare Provider, and Tax ID. A Data Pattern is used within a Data Profile to scan for risks and protect your data. You can clone and edit custom patterns after you create them; predefined data patterns cannot be modified or deleted.
- Select Settings > Data > Data Patterns.
- Click + Add New to create a new pattern.
- Enter a Data Pattern Name and a pattern description.
- Add Regular Expressions. A regular expression (regex) is the match criterion for the data you want to find within your assets. You can add a basic expression or a weighted expression, which assigns a score to a text entry. To assign a weight, append a semicolon and a number between -9999 and 9999 after your regex; a negative weight lowers the score. When no weight is assigned, 1 is appended by default. A pattern match occurs when the score threshold is exceeded.
- (Optional) To improve the accuracy of the match, use Proximity Keywords to specify keywords that must appear within 200 characters of the match.
- Confirm to save the data pattern.
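To make the matching mechanics concrete, here is an added Python model of a data pattern and a one-row data profile. It is example code written for this page, not Prisma Cloud's scanning engine. It models what the text states: weighted expressions written as regex;weight with weights in -9999..9999 and a default of 1, a pattern match once the score is exceeded, proximity keywords within 200 characters promoting a match from low to high confidence, and the Match, Occurrence, Min and Max thresholds from the data profile steps above. The scoring details are assumptions, marked in the comments: the score is summed over every regex hit, the threshold is 0 so a single default-weight hit matches, zero occurrences never satisfies Less than or equal to, and a profile matches when every Includes row is satisfied and no Excludes row is. The Luhn checksum, the card-number regex, the keywords and the sample texts are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

PROXIMITY_WINDOW = 200              # characters on either side of a match (from the page)
WEIGHT_MIN, WEIGHT_MAX = -9999, 9999

def parse_expression(entry: str) -> Tuple[re.Pattern, int]:
    """Split 'regex;weight' into (compiled regex, weight); a missing weight defaults to 1."""
    regex, sep, tail = entry.rpartition(";")      # only a trailing ';<int>' is a weight
    if sep and re.fullmatch(r"-?\d+", tail):
        weight = int(tail)
        if not WEIGHT_MIN <= weight <= WEIGHT_MAX:
            raise ValueError(f"weight {weight} out of range in {entry!r}")
        return re.compile(regex), weight
    return re.compile(entry), 1

def luhn_ok(candidate: str) -> bool:
    """Luhn mod-10 check, standing in for the 'check sum' technique the page mentions."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2:                                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return len(digits) >= 12 and total % 10 == 0

@dataclass
class DataPattern:
    name: str
    expressions: List[str]                            # "regex" or "regex;weight"
    proximity_keywords: List[str] = field(default_factory=list)
    validator: Optional[Callable[[str], bool]] = None  # e.g. a checksum over the matched text
    score_threshold: int = 0                          # assumed: match when score > threshold

    def scan(self, text: str) -> Tuple[int, str]:
        """Return (occurrences, confidence); confidence is 'none', 'low' or 'high'."""
        score, spans = 0, []
        for entry in self.expressions:
            regex, weight = parse_expression(entry)
            for m in regex.finditer(text):
                if weight > 0 and self.validator and not self.validator(m.group(0)):
                    continue                          # failed the checksum: not an occurrence
                score += weight                       # assumed: the score accumulates per match
                if weight > 0:
                    spans.append(m.span())
        if not spans or score <= self.score_threshold:
            return 0, "none"
        keywords = [k.lower() for k in self.proximity_keywords]
        for start, end in spans:                      # high confidence: keyword within 200 chars
            window = text[max(0, start - PROXIMITY_WINDOW):end + PROXIMITY_WINDOW].lower()
            if any(k in window for k in keywords):
                return len(spans), "high"
        return len(spans), "low"

@dataclass
class ProfileEntry:
    pattern: DataPattern            # one row of a Data Profile
    include: bool = True            # Match: Includes (True) or Excludes (False)
    occurrence: str = "gte"         # "any", "gte", "lte" or "between"
    min_count: int = 1
    max_count: int = 0              # only used by "between"

    def satisfied(self, count: int) -> bool:
        if self.occurrence == "any":
            return count >= 1
        if self.occurrence == "gte":
            return count >= self.min_count
        if self.occurrence == "lte":                  # assumed: zero occurrences is never a hit
            return 1 <= count <= self.min_count
        if self.occurrence == "between":
            return self.min_count <= count <= self.max_count
        raise ValueError(f"unknown occurrence type {self.occurrence!r}")

def evaluate_profile(entries: List[ProfileEntry], text: str) -> Tuple[bool, Dict[str, Tuple[int, str]]]:
    """Profile matches when every Includes row is satisfied and no Excludes row is (assumed rule)."""
    results, matched = {}, True
    for entry in entries:
        count, confidence = entry.pattern.scan(text)
        results[entry.pattern.name] = (count, confidence)
        if entry.satisfied(count) != entry.include:
            matched = False
    return matched, results

# Constructed sample pattern and objects; the 16-digit values are well-known test numbers.
CARD_NUMBER = DataPattern(
    name="Credit Card Number",
    expressions=[r"\b(?:\d{4}[ -]?){3}\d{4}\b",          # card number, default weight 1
                 r"(?i)\b(?:sample|test|dummy)\b;-1"],   # test-data hints lower the score
    proximity_keywords=["card number", "credit card", "expiry"],
    validator=luhn_ok,
)
PROFILE = [ProfileEntry(CARD_NUMBER, occurrence="gte", min_count=1)]
EXPOSED_TXT = "Customer export. Card number 4111 1111 1111 1111, expiry 12/27."
BARE_TXT = "Ref 4111 1111 1111 1111 received."                   # no keyword nearby: low
TEST_FIXTURE = "Sample fixture: 4111-1111-1111-1111 for the payments test suite."
INVOICE_TXT = "Invoice 1234 5678 9012 3456 paid in full."        # 16 digits but fails Luhn
```

Running `evaluate_profile(PROFILE, EXPOSED_TXT)` reports a high-confidence match because "Card number" sits inside the 200-character window; `BARE_TXT` yields the same card number at low confidence; `TEST_FIXTURE` does not match at all because the two negative-weight hits pull the score to -1; and `INVOICE_TXT` is dropped by the checksum even though the regex matched. This is the behaviour to expect when tuning a custom pattern: the regex decides what is a candidate, weights and checksums decide whether it counts, and proximity keywords decide how confident the finding is.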
Create a Custom Data Policy
You must first onboard an account and enable Data Security before you can create a custom data policy.
- Select Policies > Add Policy > Data, then enter a Policy Name, Description, Severity, and Labels for the new policy.
- Select a Data Profile. You can select one of the predefined data profiles, such as Financial Information, Healthcare Information, Intellectual Property, or PII, or a custom data profile.
- Select the File Exposure, for example Public.
- Select the File Extension you want to scan for sensitive information, for example txt. With Financial Information, Public, and txt selected, the policy generates an alert when a publicly exposed .txt file contains Financial Information. Enter the extension without a leading dot; if you include one, an error message displays.
- Save the data policy. You can now add this custom policy to an alert rule.
Generate Alerts for Data Policies
You must attach data policies to an alert rule to generate alerts. See Create an Alert Rule for Run-Time Checks for details on alert rules. The following steps focus on the policies and notification channels supported for Prisma Cloud Data Security.
- Create a new alert rule or edit an existing rule. You can select from the list of predefined Data policies or any custom policies. To filter and view the list of available Data policies, see Manage Prisma Cloud Policies. For example:
- Objects containing Healthcare Information publicly exposed
- Objects containing Intellectual Property publicly exposed
- Objects containing Financial Information publicly exposed
- Objects containing PII data publicly exposed
- Objects containing GDPR publicly exposed (EU only)
- Objects containing Malware
- Select the notification channels.
- Confirm to save the alert rule.
- View data policy alerts and scan results.
- Filter on Policy Type: Data to view all alerts related to Data policies.
- Select Dashboard > Data. The Top Publicly Exposed Objects by Data Profile widget and the Object Data Profile Region map show how your content is exposed.