Create a Custom Data Profile

Learn how to create a data profile.
If you purchased Prisma SaaS with Enterprise DLP Add-on, opted in for a trial of Prisma SaaS with Enterprise DLP Add-on, or have a new tenant with Prisma SaaS DLP, use the following topic.
After you clone data patterns or create custom data patterns to represent the sensitive data your organization wants to detect and protect, you can use those data patterns to create a custom data profile. You can also use predefined data patterns to do the same, and Prisma SaaS recommends that you use predefined data patterns in your custom data profile for the advantages outlined in Data Patterns. Because predefined data profiles use predefined data patterns and pre-tested logic, Prisma SaaS recommends that you use the predefined data profiles, which you can modify. However, if the predefined data profiles do not meet your needs, create a custom data profile.
A data profile is a collection of data patterns joined together. Narrowing down and finding sensitive content is like crafting a recipe: you need to assemble the correct ingredients. Data patterns are the ingredients and a data profile is the recipe. You can work with the ingredients to create a recipe for content security.
Just as data patterns are match criteria for policy rules, so too are data profiles. Data profiles:
  • Combine data patterns into a single query to filter at greater precision and efficiency than using individual data patterns.
  • Exclude data patterns to fine-tune your search.
  • Apply occurrence levels and confidence scoring to represent perceived risk.
  • Uniformly enforce custom data profiles and data patterns across all connected applications using shared resources.
  • Make policy changes easier: with one change to a data profile, you can apply a new data pattern to multiple policies simultaneously. As the availability of predefined data patterns and custom data patterns grows, data profiles as management tools make your job easier.
  1. Navigate to Settings > Data Detection > Data Profiles > +Add New > Custom Data Profiles.
  2. Name the data profile.
    Use a prefix naming convention that helps you distinguish between predefined data patterns.
  3. Select the data patterns, then use the expression builder to group them into a logical statement:
    1. Do one of the following:
      • Basic: Provides basic Boolean operators, and you can use only one such operator in a single data profile: AND to match on all conditions; OR to match on any condition. Drag and drop the data patterns to your workspace, select your operator, and specify your exclude or include logic.
      • Advanced: Includes NOT operators, in addition to basic operators, and a bracket construct. Drag and drop the data patterns to your workspace to create a single threshold, then insert operators between the data patterns to construct your logic. Whereas Prisma SaaS can handle both alerts and blocks in a single threshold, Prisma Access requires two thresholds: threshold 1 for alert mode and threshold 2 for block mode. Although you can view within Prisma SaaS any Prisma Access data patterns that comprise two thresholds, Prisma SaaS evaluates only threshold 2.
        A data profile can include up to 50 data patterns.
    2. For each data pattern, modify the Occurrence count and Confidence level.
      Prisma SaaS provides a large number of predefined data patterns to include in a given data profile; therefore, your data set grows quickly. For optimal results:
      • Use the ANY operator sparingly.
      • Use the default, High Confidence level.
      The Medium confidence level is for credit card number and voyager credit card patterns.
      The following example is a data profile with one threshold whereby the service displays a match if all three patterns in the first clause are present. The service doesn’t display a data pattern match if either of the last two patterns isn’t present.
      data-profile-example.png
    3. Pin the new data profile to your Dashboard.
    4. Click Save.
      If you’re unable to save your new data profile and your logic uses a bracket construct, verify that you have both beginning and closing brackets. Otherwise, after you save, the service automatically enables your new data profile and immediately scans against existing data pattern matches. Optionally, you can rescan.
  4. Add a new asset rule to use the new data profile as match criteria.
    Alternatively, you can modify an existing policy rule.
  5. As Prisma SaaS starts monitoring files and matching them against enabled policy rules, check the Dashboard to verify that your policy rules are effective. Monitoring the progress during the discovery phase enables you to modify your data profile and match criteria to ensure better results.
    If you’re happy with the results, you’re done!
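
The expression logic from step 3, as an added illustrative model (not Prisma SaaS code and not part of the original page): it checks bracket balance and the 50-pattern limit before evaluating AND/OR/NOT over per-pattern occurrence and confidence thresholds. The pattern names, the sample hit counts, the low/medium/high ordering and the operator precedence are assumptions made for this example.

```python
import re

MAX_PATTERNS = 50  # limit stated on the page
LEVELS = {"low": 1, "medium": 2, "high": 3}  # assumed ordering of confidence bands
TOKEN = re.compile(r"\(|\)|[A-Za-z_][A-Za-z0-9_]*")
# Constructed sample: each rule is (minimum occurrences, minimum confidence).
RULES = {"ccn": (3, "medium"), "ssn": (1, "high"), "test_marker": (1, "low")}
HITS = {"ccn": {"high": 2, "medium": 1}, "ssn": {"medium": 4}}  # one scanned file
PROFILE = "(ccn OR ssn) AND NOT test_marker"

def validate(expr, rules):
    """List the problems that should stop this expression from being saved."""
    tokens, depth = TOKEN.findall(expr), 0
    for tok in tokens:  # once negative, depth stays negative: ")" came before "("
        depth += (tok == "(") - (tok == ")") if depth >= 0 else 0
    problems = ["unbalanced brackets"] if depth != 0 else []
    names = {t for t in tokens if t not in ("(", ")", "AND", "OR", "NOT")}
    if len(names) > MAX_PATTERNS:
        problems.append("more than 50 data patterns")
    return problems + [f"unknown pattern: {n}" for n in sorted(names - set(rules))]

def pattern_hit(name, rules, hits):
    """True when enough hits at or above the rule's confidence level exist."""
    (min_count, min_conf), counts = rules[name], hits.get(name, {})
    strong = sum(n for lvl, n in counts.items() if LEVELS[lvl] >= LEVELS[min_conf])
    return strong >= min_count

def evaluate(expr, rules, hits):
    """Evaluate with assumed precedence NOT > AND > OR; brackets override it."""
    if problems := validate(expr, rules):
        raise ValueError("; ".join(problems))
    toks = TOKEN.findall(expr)
    def atom():
        tok = toks.pop(0)
        if tok == "NOT":
            return not atom()
        if tok == "(":
            val = or_expr()
            toks.pop(0)  # consume the closing bracket
            return val
        return pattern_hit(tok, rules, hits)
    def chain(op, operand, combine):
        val = operand()
        while toks and toks[0] == op:
            toks.pop(0)
            val = combine(operand(), val)
        return val
    and_expr = lambda: chain("AND", atom, lambda a, b: a and b)
    or_expr = lambda: chain("OR", and_expr, lambda a, b: a or b)
    return or_expr()
```

In the sample, `ssn` does not count as a match because its four hits are all below the High level its rule requires, while `ccn` reaches its occurrence count of 3 only because Medium hits are accepted.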
