Data Patterns

Learn about the three types of data patterns available on Prisma SaaS—predefined, custom, and file property.
Learn about the three types of data patterns available on Prisma SaaS—predefined, custom, and file property.
We are in the process of replacing Prisma SaaS DLP (Classic) with Prisma SaaS DLP. During this process, use the topic that matches your tenant. If you purchased Prisma SaaS with Enterprise DLP Add-on, opted in for a trial of Prisma SaaS with Enterprise DLP Add–on, or have a new tenant with Prisma SaaS DLP, use Configure Data Patterns; otherwise, use Configure Data Patterns—Prisma SaaS DLP (Classic).

Configure Data Patterns—Prisma SaaS DLP (Classic)

Prisma SaaS offers the following data pattern types:
  • data patterns—the service automatically activates after a scan to match on keywords, which you can modify, and pre-tested strings.
    Prisma SaaS includes several predefined data patterns that automatically begin scanning content and detecting incidents as soon as you Add Cloud Apps to Prisma SaaS. Predefined data patterns are grouped into six categories by content type:
    data-patterns-content-types.png
  • data patterns—you create from scratch to match on keywords and strings of text, such as particular characters, words, or patterns of characters and make it possible to find all instances of text that match a certain pattern, or return a value if the pattern is not found.
  • data patterns—you create from scratch to match on file metadata.
    If you assign classification tags or labels as metadata to files, with the file property data pattern you can specify any custom or extended file property as a name-value pair to match in policy rules.
After you’re familiar with the predefined data patterns and how they work, you can modify the predefined data patterns as desired or define your own new data pattern. You can then view and filter incidents to determine if the matched content to your configured data patterns poses a risk to your organization.

Configure Data Patterns

One of the main problems Prisma SaaS helps you with is data loss prevention (DLP): Prisma SaaS uses data patterns to detect sensitive content stored in your cloud apps.
At minimum,
all
data patterns use one of two detection techniques: basic regular expression or weighted regular expression (see Configure Regular Expressions). Prisma SaaS UI enables you to add keywords too. In addition to these techniques, Prisma SaaS predefined data patterns use advanced techniques.
Prisma SaaS offers the following data patterns types and subtype, and each uses a different combination of content analysis techniques to identify and rate the content:
  • data patterns (data pattern type)—the service automatically activates a subset of default data patterns after a scan to match on keywords and pre-tested and built-in regular expressions. When you view a predefined data pattern, this expression is hidden, yet active. These data patterns use industry standard data identifiers. Additionally, these data patterns sometimes include additional, built-in logic in the form of machine learning and checksum for legal and financial data patterns.
    Prisma SaaS includes several predefined data patterns that automatically begin scanning content and detecting incidents as soon as you add cloud apps to Prisma SaaS.
  • data patterns (data pattern type)—you create from scratch using regular expressions and keywords. Because these data patterns are developed from a blank canvas, they don’t include built-in logic, unlike predefined data patterns.
  • data patterns (data pattern subtype)—you create from scratch to match on a name-value pair. The match looks for metadata or attributes in the file's custom or extended properties. These data patterns use a blank canvas because your metadata is unique to your assets.
    This data pattern subtype is available within custom data patterns and predefined data patterns.
After you’re familiar with the data patterns and how they work, you can create your own new data pattern instead or clonethe data patterns. You can then view and filter incidents to determine if the matched content to your configured data patterns poses a risk to your organization.

Recommended For You