1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. SaaS Security API
    5. Manage Policy for Sanctioned SaaS Apps
    6. Policy Types on SaaS Security API
    7. Data Patterns
    8. Create a Custom Data Profile

    Create a Custom Data Profile

    Learn how to create a data profile.
    If you purchased SaaS Security with Enterprise DLP Add‑on, opted in for a trial of SaaS Security with Enterprise DLP Add–on, or have a new tenant with SaaS Security DLP, use this topic.
    After you clone data patterns or create custom data patterns to represent the sensitive data your organization wants to detect and protect, you can use those data patterns to create a custom data profile. You can also use predefined data patterns to do the same, and the SaaS Security team recommends that you use predefined data patterns in your custom data profile for the advantages outlined in Data Patterns. Because predefined data profiles use predefined data patterns and pre-tested logic, the SaaS Security team recommends that you use the predefined data profiles, which you can modify. However, if the predefined data profiles do not meet your needs, create a custom data profile.
    A data profile is a collection of data patterns joined together. To narrow down and find sensitive content is like crafting a recipe—you need to assemble the correct ingredients. Data patterns are the ingredients and a data profile is the recipe. You can work with the ingredients to create a recipe for content security.
    Just as data patterns are match criteria for policy rules, so too are data profiles. Data profiles:
    • Combine data patterns into a single query to filter at greater precision and efficiency than using individual data patterns.
    • Exclude data patterns to fine-tune your search.
    • Apply occurrence levels and confidence scoring to represent perceived risk.
    • Uniformly enforce custom data profiles and data patterns across all connected applications using shared resources.
    • Make policy changes easier: with one change to a data profile, you can apply a new data pattern to multiple policies simultaneously. As the availability of predefined data patterns and custom data patterns grows, data profiles as management tools make your job easier.
    1. Navigate to
      Settings
      Data Detection
      Data Profiles
      +Add New
      Custom Data Profiles
      .
    2. Name the data profile.
      Use a prefix naming convention that helps you distinguish between predefined data patterns.
    3. Select the data patterns, then use the expression builder to group them into a logical statement:
      1. Do one of the following:
        • Basic
          —Provides basic Boolean operators, and you can only use one such operator in a single data profile:
          AND
           to match on all conditions;
          OR
           to match on any condition. Drag and drop the data patterns to your workspace, select your operator, and specify your exclude or include logic.
        • Advanced
          —Includes
          NOT
           operators, in addition to basic operators, and bracket construct. Drag and drop the data patterns to your workspace to create a single threshold, then insert operators between the data patterns to construct your logic. Whereas SaaS Security API can handle both alerts and blocks in a single threshold, Prisma Access requires two thresholds—threshold 1 for alert mode and threshold 2 for block mode. Although, you can view within SaaS Security any Prisma Access data patterns that comprise two thresholds, SaaS Security API only evaluates threshold 2 for SaaS Security API.
          A data profile can include up to 50 data patterns.
      2. For each data pattern, modify the
        Occurrence
         count and
        Confidence
         level.
        SaaS Security API provides a large number of predefined data patterns to include in a given data profile; therefore, your data set grows quickly. For optimal results:
        • Use the
          ANY
           operator sparingly.
        • Use the default,
          High Confidence
           level.
        Medium
         confidence level is for credit card number and voyager credit card patterns.
        The following example is a data profile with one threshold whereby the service displays a match if all three patterns in the first clause are present. The service doesn’t display a data pattern match if either of last two patterns aren’t present.
      3. Pin the new data profile to your
        Dashboard
        .
      4. Click
        Save
        .
        If you’re unable to save your new data profile and your logic uses a bracket construct, verify that you have both beginning and closing brackets. Otherwise, after you save, the service automatically enables your new data profile and immediately scans against existing data pattern matches. Optionally, you can rescan.
    4. Add a new asset rule to use the new data profile as match criteria.
      Alternatively, you can modify an existing policy rule.
    5. As SaaS Security API starts monitoring files and matching them against enabled policy rules, on the
      Dashboard
       to verify that your policy rules are effective. Monitoring the progress during the discovery phase enables you to modify your data profile and match criteria to ensure better results.
      If you’re happy with the results, you’re done!

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo