Palo Alto Networks Enterprise DLP

Palo Alto Networks Enterprise DLP discovers and protects company data across every data channel and repository. Integrated Enterprise DLP enables data protection and compliance everywhere without complexity. This integration was integrated and tested with Palo Alto Networks Enterprise DLP

Configure Palo Alto Networks Enterprise DLP on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Palo Alto Networks Enterprise DLP.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
access_tokenAccess TokenTrue
refresh_tokenRefresh TokenTrue
  1. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

pan-dlp-get-report#


Fetches a DLP report associated with the passed report ID.

Base Command#

pan-dlp-get-report

Input#

Argument NameDescriptionRequired
report_idDLP report ID.Required
fetch_snippetsIf "true" will include snippets with the reports. Default is "false".Optional

Context Output#

PathTypeDescription
DLP.Report.DataProfileunknownData profile name.
DLP.Report.DataPatternMatches.DataPatternNameunknownDLP data pattern name.
DLP.Report.DataPatternMatches.DetectionsunknownSnippets of DLP detections.
DLP.Report.DataPatternMatches.HighConfidenceFrequencyunknownNumber of occurrences at High confidence.
DLP.Report.DataPatternMatches.MediumConfidenceFrequencyunknownNumber of occurrences at Low confidence.
DLP.Report.DataPatternMatches.LowConfidenceFrequencyunknownNumber of occurrences at Medium confidence.

Command Example#

!pan-dlp-get-report report_id=3165792284

Context Example#

{
"DLP": {
"Reports": {
"DataPatternMatches": [
{
"DataPatternName": "Credit Card Number",
"Detections": null,
"HighConfidenceFrequency": 0,
"LowConfidenceFrequency": 1,
"MediumConfidenceFrequency": 1
},
{
"DataPatternName": "National Id - US Social Security Number - SSN",
"Detections": null,
"HighConfidenceFrequency": 11,
"LowConfidenceFrequency": 15,
"MediumConfidenceFrequency": 0
},
{
"DataPatternName": "Passport - US",
"Detections": null,
"HighConfidenceFrequency": 4,
"LowConfidenceFrequency": 6,
"MediumConfidenceFrequency": 0
},
{
"DataPatternName": "Secret Key - AWS Access Key ID",
"Detections": null,
"HighConfidenceFrequency": 2,
"LowConfidenceFrequency": 2,
"MediumConfidenceFrequency": 0
},
{
"DataPatternName": "Tax Id - US - TIN",
"Detections": null,
"HighConfidenceFrequency": 0,
"LowConfidenceFrequency": 15,
"MediumConfidenceFrequency": 0
}
],
"DataProfile": "Sensitive-File-Upload"
}
}
}

Human Readable Output#

DLP Report for profile: Sensitive-File-Upload#

DataPatternNameConfidenceFrequency
Credit Card NumberLow: 1
Medium: 1
High: 0
National Id - US Social Security Number - SSNLow: 15
Medium: 0
High: 11
Passport - USLow: 6
Medium: 0
High: 4
Secret Key - AWS Access Key IDLow: 2
Medium: 0
High: 2
Tax Id - US - TINLow: 15
Medium: 0
High: 0