After you clone data patterns or create custom data
patterns to represent the sensitive data your organization
wants to detect and protect, you can use those data patterns to
create a custom data profile. You can also use predefined data
patterns to do the same, and the SaaS Security team recommends
that you use predefined data patterns in your custom data profile
for the advantages outlined in Data Patterns. Because
predefined data profiles use predefined data patterns and pre-tested
logic, the SaaS Security team recommends that you use the predefined
data profiles, which you can modify. However, if the predefined
data profiles do not meet your needs, create a custom data profile.
A data profile is a collection of data patterns joined together. Narrowing down and finding sensitive content is like crafting a recipe: you need to assemble the correct ingredients. Data patterns are the ingredients and a data profile is the recipe. You can work with the ingredients to create a recipe for content security.
Just as data patterns are match criteria for policy rules, so too are data profiles. Data profiles:
- Combine data patterns into a single query to filter at greater precision and efficiency than using individual data patterns.
- Exclude data patterns to fine-tune your search.
- Apply occurrence levels and confidence scoring to represent perceived risk.
- Uniformly enforce custom data profiles and data patterns across all connected applications using shared resources.
- Make policy changes easier: with one change to a data profile, you can apply a new data pattern to multiple policies simultaneously. As the availability of predefined data patterns and custom data patterns grows, data profiles as management tools make your job easier.
Navigate to Settings > Data Detection > Data Profiles > +Add New > Custom Data Profiles.
Name the data profile.
Use a prefix naming convention that helps you distinguish
between predefined data patterns.
Select the data patterns, then use the expression builder to group them into a logical statement. Do one of the following:
- Basic: Provides basic Boolean operators, and you can use only one such operator in a single data profile: AND to match on all conditions; OR to match on any condition. Drag and drop the data patterns to your workspace, select your operator, and specify your exclude or include logic.
- Advanced: Includes NOT operators, in addition to basic operators, and the bracket construct. Drag and drop the data patterns to your workspace to create a single threshold, then insert operators between the data patterns to construct your logic. Whereas SaaS Security API can handle both alerts and blocks in a single threshold, Prisma Access requires two thresholds: threshold 1 for alert mode and threshold 2 for block mode. Although you can view within SaaS Security any Prisma Access data patterns that comprise two thresholds, SaaS Security API evaluates only threshold 2.
A data profile can include up to 50 data patterns.
SaaS Security API provides a large number of predefined data patterns to include in a given data profile; therefore, your data set grows quickly. For optimal results:
- Use the ANY operator sparingly.
- Use the default, High Confidence level.
The following example is a data profile with one threshold whereby the service displays a match if all three patterns in the first clause are present. The service doesn’t display a data pattern match if either of the last two patterns isn’t present.
Pin the new data profile to your Dashboard.
Click Save.
If you’re unable to save your new data profile and your
logic uses a bracket construct, verify that you have both beginning and
closing brackets. Otherwise, after you save, the service automatically
enables your new data profile and immediately scans against existing
data pattern matches. Optionally, you can rescan.
As SaaS Security API starts monitoring files and matching them against enabled policy rules, use the Dashboard to verify that your policy rules are effective. Monitoring the progress during the discovery phase enables you to modify your data profile and match criteria to ensure better results.
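
To reason about Advanced-mode logic before building it in the expression builder, the following added example (not SaaS Security code) models an expression over pattern names with AND, OR, NOT and brackets, and rejects unbalanced brackets and more than 50 patterns. The pattern names, the function names and the operator precedence are assumptions made for the illustration.

```python
import re

MAX_PATTERNS = 50  # per-profile limit stated on the page
OPS = {"(", ")", "AND", "OR", "NOT"}
# Constructed sample: the pattern names are hypothetical placeholders.
PROFILE = "(cust_id AND card_number AND expiry) AND NOT (test_marker OR sample_header)"

def tokenize(expr):
    """Split an expression and run pre-save checks (brackets, pattern count)."""
    if re.search(r"[^\w\s()-]", expr):
        raise ValueError("unexpected character in expression")
    tokens = re.findall(r"[()]|[\w-]+", expr)
    depth = 0
    for tok in tokens:
        depth += (tok == "(") - (tok == ")")
        if depth < 0:
            raise ValueError("closing bracket has no opening bracket")
    if depth:
        raise ValueError("opening bracket has no closing bracket")
    if len(set(tokens) - OPS) > MAX_PATTERNS:
        raise ValueError(f"more than {MAX_PATTERNS} data patterns")
    return tokens + [None]  # None marks the end of input

def evaluate(expr, matched):
    """Return True when the set of matched pattern names satisfies expr."""
    tokens = tokenize(expr)
    def atom():
        tok = tokens.pop(0)
        if tok == "NOT":
            return not atom()
        if tok == "(":
            value = chain("OR")
            if tokens.pop(0) != ")":
                raise ValueError("expected closing bracket")
            return value
        if tok is None or tok in OPS:
            raise ValueError(f"expected a data pattern, got {tok!r}")
        return tok in matched
    def chain(op):  # assumed precedence: NOT binds tightest, then AND, then OR
        operand = (lambda: chain("AND")) if op == "OR" else atom
        values = [operand()]
        while tokens[0] == op:
            tokens.pop(0)
            values.append(operand())
        return any(values) if op == "OR" else all(values)
    result = chain("OR")
    if tokens[0] is not None:
        raise ValueError(f"unexpected token {tokens[0]!r}")
    return result
```

Calling evaluate(PROFILE, ...) with the set of pattern names found in a test file shows whether the draft logic would match it, which helps when tuning exclusions during the discovery phase.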