Palo Alto: Data Loss Prevention and Data Filtering Profiles
Using data filtering security profiles in security rules helps protect against data exfiltration and data loss. Images used are from PAN-OS 8.1.13.
Create Data Patterns for Identifying Sensitive Data
Data Pattern objects are found under the Objects tab, in the Custom Objects sub-section.
Data Filtering security profiles are found under the Objects tab, in the Security Profiles sub-section.
Palo Alto provides pre-built signatures to identify sensitive data patterns such as Social Security numbers and credit card numbers.
Add customized Data Patterns to the Data Filtering security profile for use in security policy rules:
* Enable Data Capture so that the data that matched a pattern can be reviewed to confirm the match is legitimate.
Add the security profile to a security policy, either by adding it to the rule group used in the security policy or by adding it directly to the security policy:
Identify Matches and Review Data Filtering Logs
Navigate to the Monitor tab and find the Data Filtering logs.
For entries to be logged for a data pattern match, the traffic with files containing the sensitive data must first hit a security policy.
A data filtering log entry shows the source and destination IP addresses and network protocol port number, the Application-ID used, the user name if User-ID is available for the traffic match, the file name, and a timestamp of when the data pattern match occurred.
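A pattern match in the log only shows that the data has the right shape, so captured data still needs a second check before it is treated as a real leak. The following is an added example, not PAN-OS code or its built-in signatures: the regular expressions, function names and sample text are assumptions constructed to show how a Luhn checksum and basic Social Security number structure rules separate likely real matches from false positives.

```python
import re

# Candidate patterns written for this example; these are NOT the
# signatures PAN-OS ships with.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")   # 13-19 digits
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum carried by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject SSN-shaped strings in ranges that are never assigned."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def triage(captured: str) -> list[tuple[str, str, bool]]:
    """Return (pattern name, matched text, plausible) per candidate."""
    findings = []
    for m in CARD_RE.finditer(captured):
        digits = re.sub(r"\D", "", m.group())
        findings.append(("credit-card", m.group(), luhn_ok(digits)))
    for m in SSN_RE.finditer(captured):
        findings.append(("ssn", m.group(), ssn_plausible(*m.groups())))
    return findings


# Constructed sample of captured data; 4111... is a public test card number.
SAMPLE = ("order 4111 1111 1111 1111 shipped; ref 1234 5678 9012 3456; "
          "employee 123-45-6789; ticket 000-12-3456")

if __name__ == "__main__":
    for name, text, ok in triage(SAMPLE):
        verdict = "likely real" if ok else "likely false positive"
        print(f"{name:12} {text:22} {verdict}")
```
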