Modify a Predefined Data Pattern

Learn how to clone a data pattern.
Learn how to modify a data pattern.
We are in the process of replacing Prisma SaaS DLP (Classic) with Prisma SaaS DLP. During this process, use the topic that matches your tenant. If you purchased Prisma SaaS with Enterprise DLP Add-on, opted in for a trial of Prisma SaaS with Enterprise DLP Add–on, or have a new tenant with Prisma SaaS DLP, or have a new tenant with Prisma SaaS DLP, use Clone a Data Pattern; otherwise, use Modify Predefined Data Patterns—Prisma SaaS DLP (Classic).

Modify Predefined Data Patterns—Prisma SaaS DLP (Classic)

Prisma SaaS provides predefined data patterns that automatically scan for matches against the default rules for Data Loss Prevention (DLP) and Threat Prevention as soon as you Add Cloud Apps to Prisma SaaS. You can edit the proximity keywords for any predefined data pattern to narrow the match results, reduce false positives, and improve accuracy.
  1. Select the predefined data pattern to edit.
    1. Select
      Settings
      Data Pattern
      .
    2. Select a predefined data pattern by
      Name
      from the list.
      For easy identification, the predefined data patterns do not have
      Custom
      in the title.
    3. Enter the new proximity keywords for the predefined data pattern and click
      Save
      .
      edit-predefined-data-pattern.png
      Prisma SaaS will immediately begin scanning and display the match results in
      Explore
      Assets
      from this view, you can View and Filter Data Pattern Match Results.

Clone a Data Pattern

Although you cannot modify a predefined data pattern, you can clone (exact copy) an existing data pattern. In fact, you can clone any data pattern—specifically a custom data pattern, predefined data pattern, and file type data pattern.
A clone inherits the pattern of its
parent
data pattern. For example, a predefined data pattern has a built-in expression. This expression, therefore, is active and hidden in a clone of a predefined data pattern, just as it is in the parent data pattern: You can
only
add proximity keywords; if, however, you want to define a regular expression in addition to keywords, clone or create a custom data pattern from scratch instead.
This paradigm enables you to do any of the following:
  • Efficiently create new data patterns.
  • Work with a variation of a data pattern for experimentation purposes. Simply use the clone as match criteria in your policies and disable the parent data pattern. Then, either revert to the existing baseline—the parent data pattern, or retain and enable the cloned data pattern.
  1. Select the data pattern to clone.
    1. Select
      Settings
      Data Pattern
      +Add New
      .
    2. Use
      State
      and
      Type
      filters to search for the data pattern. All predefined data patterns are set to enabled by default.
    3. Click
      Clone Pattern
      .
      For easy identification, the service automatically populates the
      Data Pattern Name
      with a
      Copy
      prefix.
  2. Enter the proximity keywords, then
    Save
    .
  3. (
    Optional
    ) Use the cloned data pattern.
    1. Add a new asset rule to use the cloned data pattern as match criteria.
      Alternatively, you can modify an existing policy rule.
      match-criteria-data-pattern-combined-dlp.png
    2. Disable the parent data pattern the parent data pattern to reduce false positives.
    3. Enable the cloned data pattern.
      Prisma SaaS immediately rescans and displays the match results.

Recommended For You