Skip to main content

Palo Alto Networks Enterprise DLP

This Integration is part of the Enterprise DLP by Palo Alto Networks Pack.#

Palo Alto Networks Enterprise DLP discovers and protects company data across every data channel and repository. Integrated Enterprise DLP enables data protection and compliance everywhere without complexity. This integration was integrated and tested with version 2.0 of Palo Alto Networks Enterprise DLP

Setup#

Go to the Settings tab on the DLP web interface. Choose Alerts on the left menu. Follow all the steps under Setup Instructions. Make sure the toggle at the bottom is switched on.

Configure Palo Alto Networks Enterprise DLP in Cortex#

ParameterDescriptionRequired
Access TokenAccess token generated in the Enterprise DLP UITrue
Refresh TokenRefresh token generated in the Enterprise DLP UITrue
Trust any certificate (not secure)False
Use system proxy settingsFalse
Long running instanceFalse
DLP RegionsFalse
Data profiles to allow exemptionA comma-separated list of data profile names to request an exemption. Use "*" to allow everything.False
Bot MessageThe message to send to the user to ask for feedback.False

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

pan-dlp-get-report#


Fetches DLP reports associated with a report ID.

Base Command#

pan-dlp-get-report

Input#

Argument NameDescriptionRequired
report_idDLP report ID.Required
fetch_snippetsIf True, includes snippets with the reports. Possible values are: true, false. Default is false.Optional

Context Output#

PathTypeDescription
DLP.Report.DataProfileunknownThe data profile name.
DLP.Report.DataPatternMatches.DataPatternNameunknownThe DLP data pattern name.
DLP.Report.DataPatternMatches.DetectionsunknownThe DLP detection snippets.
DLP.Report.DataPatternMatches.HighConfidenceFrequencyunknownThe number of high confidence occurrences.
DLP.Report.DataPatternMatches.MediumConfidenceFrequencyunknownThe number of medium confidence occurrences.
DLP.Report.DataPatternMatches.LowConfidenceFrequencyunknownThe number of low confidence occurrences.

pan-dlp-update-incident#


Updates a DLP incident with user feedback.

Base Command#

pan-dlp-update-incident

Input#

Argument NameDescriptionRequired
incident_idThe ID of the incident to update.Required
feedbackThe user feedback. Possible values are: PENDING_RESPONSE, CONFIRMED_SENSITIVE, CONFIRMED_FALSE_POSITIVE, EXCEPTION_REQUESTED, EXCEPTION_GRANTED, EXCEPTION_NOT_REQUESTED, OPERATIONAL_ERROR, SEND_NOTIFICATION_FAILURE, EXCEPTION_DENIED.Required
user_idThe ID of the user the feedback is collected from.Required
regionThe region where the incident originated.Optional
report_idThe DLP report ID, needed only for granting exemptions.Optional
dlp_channelThe DLP channel, needed only for granting exemptions.Optional
error_detailsError details if status is SEND_NOTIFICATION_FAILURE.Optional

Context Output#

PathTypeDescription
DLP.IncidentUpdate.successbooleanWhether the update was successful.
DLP.IncidentUpdate.exemption_durationnumberThe exemption duration, only available for "EXCEPTION_GRANTED".

pan-dlp-exemption-eligible#


Determines whether exemption can be granted on incidents from a certain data profile.

Base Command#

pan-dlp-exemption-eligible

Input#

Argument NameDescriptionRequired
data_profileThe name of the data profile.Required

Context Output#

PathTypeDescription
DLP.exemption.eligiblebooleanWhether the data profile is eligible for exemption.

pan-dlp-slack-message#


Gets the Slack bot message to send to the user for gathering feedback.

Base Command#

pan-dlp-slack-message

Input#

Argument NameDescriptionRequired
userThe name of the user that receives this message.Required
file_nameThe name of the file that triggered the incident.Required
data_profile_nameThe data profile name associated with the incident.Required
snippetsThe snippets of the violation.Optional
app_nameThe name of the application that performed the activity.Required

Context Output#

PathTypeDescription
DLP.slack_messagestringThe Slack bot message.

pan-dlp-reset-last-run#


Resets the fetch incidents last run value, which resets the fetch to its initial fetch state.

Base Command#

pan-dlp-reset-last-run

Input#

Argument NameDescriptionRequired

Context Output#

There is no context output for this command.