Palo Alto: Data Loss Prevention and Data Filtering Profiles

The use of data filtering security profiles in security rules can help provide protections of data exfiltration and data loss. Images used are from PAN-OS 8.1.13.

Create Data Patterns for Identifying Sensitive Data

Data Pattern objects will be found under Objects Tab, under the sub-section of Custom Objects.

Data Filtering Security profiles will be found under Objects Tab, under the sub-section for Security Profiles.

Palo Alto provides pre-built signatures to identify sensitive data patterns such as Social Security Numbers and Credit card numbers.


Add customized Data Patterns to the Data Filtering security Profile for use in security policy rules:

*Enable Data Capture to identify data pattern match to confirm legitimate match.

Add Security Profile to Security Policy by adding to Rule group used in security policy or directly to a security policy:


Security Group:


Security Policy


 


Identify Matches and Review Data Filtering Logs

Navigate to Monitor Tab, and find Data Filtering Logs.

Monitor-Logs.png

For entries to be logged for a data pattern match, the traffic with files containing the sensitive data must first hit a security policy.

A data filtering log will show the source and destination IP addresses and network protocol port number, the Application-ID used, user name if User-ID is available for the traffic match, the file name and a time-stamp of when the data pattern match occurred.


For any questions or concerns please reach out to email address cybersecurity@cio.wisc.edu 





Keywords:Paloalto firewall dlp SSN cybersecurity palo alto   Doc ID:107812
Owner:Vincent A.Group:IT Security Vulnerability Management
Created:2020-12-14 10:32 CSTUpdated:2020-12-14 12:00 CST
Sites:IT Security Vulnerability Management
Feedback:  0   0