Modify a Predefined Data Pattern

Learn how to clone a data pattern.
Learn how to modify a data pattern.
We are in the process of replacing SaaS Security DLP (Classic) with SaaS Security DLP. During this process, use the topic that matches your tenant. If you purchased SaaS Security with Enterprise DLP Add-on, opted in for a trial of SaaS Security with Enterprise DLP Add-on, or have a new tenant with SaaS Security DLP, use Clone a Data Pattern; otherwise, use Modify Predefined Data Patterns—SaaS Security DLP (Classic).

Modify Predefined Data Patterns—SaaS Security DLP (Classic)

SaaS Security API provides predefined data patterns that automatically scan for matches against the default rules for Data Loss Prevention (DLP) and Threat Prevention as soon as you Add Cloud Apps to SaaS Security API. You can edit the proximity keywords for any predefined data pattern to narrow the match results, reduce false positives, and improve accuracy.
  1. Select the predefined data pattern to edit.
    1. Select Settings > Data Pattern.
    2. Select a predefined data pattern by Name from the list.
      For easy identification, the predefined data patterns do not have Custom in the title.
    3. Enter the new proximity keywords for the predefined data pattern and click Save.
      SaaS Security API immediately begins scanning and displays the match results in Explore > Assets. From this view, you can View and Filter Data Pattern Match Results.

Clone a Data Pattern

Although you cannot modify a predefined data pattern, you can clone (make an exact copy of) an existing data pattern. In fact, you can clone any data pattern—specifically a custom data pattern, predefined data pattern, and file type data pattern.
A clone inherits the pattern of its parent data pattern. For example, a predefined data pattern has a built-in expression. This expression, therefore, is active and hidden in a clone of a predefined data pattern, just as it is in the parent data pattern: you can only add proximity keywords. If, however, you want to define a regular expression in addition to keywords, clone or create a custom data pattern from scratch instead.
This paradigm enables you to do any of the following:
  • Efficiently create new data patterns.
  • Work with a variation of a data pattern for experimentation purposes. Simply use the clone as match criteria in your policies and disable the parent data pattern. Then, either revert to the existing baseline—the parent data pattern, or retain and enable the cloned data pattern.
  1. Select the data pattern to clone.
    1. Select Settings > Data Pattern > +Add New.
    2. Use State and Type filters to search for the data pattern. All predefined data patterns are set to enabled by default.
    3. Click Clone Pattern.
      For easy identification, the service automatically populates the Data Pattern Name with a Copy prefix.
  2. Enter the proximity keywords, then Save.
  3. (Optional) Use the cloned data pattern.
    1. Add a new asset rule to use the cloned data pattern as match criteria.
      Alternatively, you can modify an existing policy rule.
    2. Disable the parent data pattern to reduce false positives.
    3. Enable the cloned data pattern.
      SaaS Security API immediately rescans and displays the match results.
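
The effect of adding proximity keywords to a clone can be previewed offline before you swap the clone in for its parent. The following is an added illustration, not Palo Alto Networks code, and it does not reproduce the service's matching logic: `BUILTIN_EXPR`, the 40-character `WINDOW`, the helper names, and the sample assets are all assumptions constructed for the example.

```python
import re

# Assumption: stand-in for a predefined pattern's hidden built-in expression.
# The service's real expressions are not shown on the page.
BUILTIN_EXPR = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
WINDOW = 40  # Assumption: proximity distance in characters.


def find_matches(text, keywords=(), window=WINDOW):
    """Return expression hits; if keywords are given, keep only hits
    that have at least one keyword within `window` characters."""
    hits = []
    for m in BUILTIN_EXPR.finditer(text):
        context = text[max(0, m.start() - window): m.end() + window]
        near = any(
            re.search(r"\b" + re.escape(k) + r"\b", context, re.IGNORECASE)
            for k in keywords
        )
        if not keywords or near:
            hits.append(m.group())
    return hits


def compare(assets, clone_keywords):
    """Map asset name -> (parent hits, clone hits) for side-by-side review."""
    return {
        name: (find_matches(text), find_matches(text, clone_keywords))
        for name, text in assets.items()
    }


# Constructed sample assets (not real data).
ASSETS = {
    "hr_export.txt": "Employee: J. Doe, SSN 123-45-6789, start 2021-03-01",
    "parts_list.txt": "Order ref 987-65-4321 ships Tuesday; call ext. 4410",
    "payroll.csv": "name,social security number\nA. Roe,219-09-9999",
}

if __name__ == "__main__":
    result = compare(ASSETS, ["ssn", "social security"])
    for name, (parent, clone) in result.items():
        print(f"{name}: parent={parent} clone={clone}")
```

The parent (expression only) flags the order reference in `parts_list.txt`; the clone with keywords drops that hit while keeping both genuine ones.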
