Create a Custom Data Pattern

Learn how to create a new data pattern.
Learn how to create a new data pattern.
We are in the process of replacing Prisma SaaS DLP (Classic) with Prisma SaaS DLP. During this process, use the topic that matches your tenant. If you purchased Prisma SaaS with Enterprise DLP Add-on, opted in for a trial of Prisma SaaS with Enterprise DLP Add–on, or have a new tenant with Prisma SaaS DLP, use Create Custom Data Patterns—Prisma SaaS DLP (Classic); otherwise, use Create a Custom Data Patterns.

Create Custom Data Patterns—Prisma SaaS DLP (Classic)

Prisma SaaS offers various data pattern types, and each type has unique advantages. Use a custom data pattern to build a data pattern from scratch.
Custom data patterns cannot be disabled. They can only be deleted.
Data patterns use a combination of content analysis techniques to identify the content and rate it with a low to high confidence score:
  • regular expressions
  • machine learning
  • proximity keywords
  • check sum
  1. Select
    Settings
    Data Patterns
    +Add New
    Add New Custom Data Pattern
    .
  2. Name the data pattern.
    1. Enter a
      Data Pattern Name
      for the data pattern.
    2. Enter a
      Short Label
      description for the data pattern that is 12 characters or less.
  3. Define the regular expression, including whether you want a
    Basic
    or
    Weighted
    regular expression.
    expression-combined.png
  4. Select a
    Category
    to scan, then
    Save
    .
    If you select uncategorized category, Prisma SaaS scans all assets in your sanctioned cloud apps to locate a match for the expressions, and such a scan takes longer to return results than if the service only scanned a specific category.
  5. Modify a policy rule or add a new asset rule to use the new data pattern as match criteria.
    match-criteria-data-pattern.png

Create a Custom Data Patterns

Prisma SaaS enables you to create custom data patterns from scratch. Custom data patterns use a combination of content analysis techniques to identify and rate the content:
However, before you create a custom data pattern, consider alternatives that might save you time:
  • If there is a predefined data pattern that identifies all the content you desire, use it instead. Prisma SaaS tuned and tested these predefined data patterns, so they’re efficient and accurate and include built-in logic . For example, if you want to search for social security numbers, use the US Social Security Number (SSN) predefined data pattern.
  • If there is a predefined data pattern that identifies the content you desire, but you need to filter out false positives, clone it, then add proximity keywords.
  • If there is an existing custom data pattern that identifies most of the content you desire, clone it, then modify the expression.
If these alternatives don’t meet your needs, create a custom data pattern instead.
Prisma SaaS with Enterprise DLP Add–on provides you exclusive access to predefined data patterns and data profiles. Prisma SaaS UI displays all predefined data patterns and data profiles irrespective of your having a Prisma SaaS with Enterprise DLP Add–on, and uses a lock icon to highlight data patterns and data profiles that require the license.
dlp-locked-data-patterns-cropped.png
  1. Select
    Settings
    Data Patterns
    +Add New
    Custom Data Pattern
    .
  2. Name the data pattern.
    1. Enter a
      Data Pattern Name
      for the data pattern.
    2. Enter a
      Description
      for the data pattern.
  3. Define the regular expression, including whether you want a
    Basic
    or
    Weighted
    regular expression.
    expression-combined-dlp.png
  4. Specify proximity keywords, then
    Save
    .
  5. (
    Optional
    ) Use the custom data pattern.
    1. The service automatically enables the new data pattern and only applies that data pattern to future scans.
    2. Add a new asset rule to use the new data pattern as match criteria.
      Alternatively, you can modify an existing policy rule.
      match-criteria-data-pattern-combined-dlp.png
    3. As Prisma SaaS starts monitoring files and matching them against enabled policy rules, on the
      Dashboard
      to verify that your policy rules are effective. Monitoring the progress during the discovery phase enables you to modify your data patterns and match criteria to ensure better results.

Recommended For You