Enterprise DLP by Palo Alto Networks

Palo Alto Networks Enterprise DLP Integration

Palo Alto Networks Enterprise DLP Content Pack

This content pack enables Cortex XSOAR to integrate with Palo Alto Networks Enterprise DLP. Using this content pack, you can fetch DLP incidents using the Long running instance checkbox and update DLP incidents with user feedback. This pack includes the Palo Alto Networks Enterprise DLP integration and a sample playbook to gather user feedback for a DLP incident using Slack.

Palo Alto Networks Enterprise DLP Integration

Integrates with the Enterprise DLP service to get details about DLP violations and to update DLP incidents with user feedback.

The integration includes commands to:

Fetch DLP incidents as a long running instance.
Fetch DLP reports with data pattern match details.
Fetch DLP reports with data pattern match details and snippets from the file.
Update a DLP incident with user feedback and approval process.
Check if the option to exempt the violation should be provided for a given DLP data profile name.
Get approval for any exemption requests.
Send a customized Slack bot message to the user to ask for feedback.
Reset the last run.

Palo Alto Networks Enterprise DLP Content Pack

This content pack enables Cortex XSIAM to integrate with Palo Alto Networks Enterprise DLP. Using this content pack, you can fetch DLP incidents using the Long running instance checkbox and update DLP incidents with user feedback. This pack includes the Palo Alto Networks Enterprise DLP integration and a sample playbook to gather user feedback for a DLP incident using Slack.

Palo Alto Networks Enterprise DLP Integration

Integrates with the Enterprise DLP service to get details about DLP violations and to update DLP incidents with user feedback.

The integration includes commands to:

Fetch DLP incidents as a long running instance.
Fetch DLP reports with data pattern match details.
Fetch DLP reports with data pattern match details and snippets from the file.
Update a DLP incident with user feedback and approval process.
Check if the option to exempt the violation should be provided for a given DLP data profile name.
Get approval for any exemption requests.
Send a customized Slack bot message to the user to ask for feedback.
Reset the last run.

Automations

Name	Description
DlpAskFeedback	Sends a message via Slack or MS Teams to the user whose activity violated DLP policies and triggered the incident.

Classifiers

Name	Description
Data Loss Prevention	A mapper that maps raw DLP incident fields into Cortex XSOAR incident fields

Incident Fields

Name	Description
PAN DLP Tenant ID
PAN DLP Data Profile Name
PAN DLP Report ID
PAN DLP Channel
PAN DLP Previous Feedback
PAN DLP Incident ID
PAN DLP Action
PAN DLP Incident Feedback	User provided feedback to the DLP incident, such as true positive or false positive
DLP Detections	Detected violations snippets.
PAN DLP Incident Region

Incident Types

Name	Description
Data Loss Prevention

Integrations

Name	Description
Palo Alto Networks Enterprise DLP	Palo Alto Networks Enterprise DLP discovers and protects company data across every data channel and repository. Integrated Enterprise DLP enables data protection and compliance everywhere without complexity.

Layouts

Name	Description
Palo Alto Networks Enterprise DLP Incident Layout

Playbooks

Name	Description
DLP - User Message App Check	Check if the given message app exists and is configured and retrieve the user details from it.
DLP Incident Feedback Loop	This playbook handles Palo Alto Networks Enterprise DLP incidents. It Collects feedback from the user about blocked activities and automates the approval process, if required. Supported communication methods are Slack, Microsoft Teams and Email.
DLP - Get Approval	Get an approver response for an exemption request from a user.
DLP - Get User Feedback via Email	Get the user feedback via email on a blocked file, whether it is false or true positive and if an exemption is needed.
DLP - Get User Feedback	Get the user feedback on a blocked file, whether it is false or true positive and if an exemption is needed.

Automations

Name	Description
DlpAskFeedback	Sends a message via Slack or MS Teams to the user whose activity violated DLP policies and triggered the incident.

Classifiers

Name	Description
Data Loss Prevention	A mapper that maps raw DLP incident fields into Cortex XSIAM incident fields

Incident Fields

Name	Description
PAN DLP Previous Feedback
DLP Detections	Detected violations snippets.
PAN DLP Tenant ID
PAN DLP Action
PAN DLP Incident Region
PAN DLP Channel
PAN DLP Incident Feedback	User provided feedback to the DLP incident, such as true positive or false positive
PAN DLP Report ID
PAN DLP Incident ID
PAN DLP Data Profile Name

Incident Types

Name	Description
Data Loss Prevention

Integrations

Name	Description
Palo Alto Networks Enterprise DLP	Palo Alto Networks Enterprise DLP discovers and protects company data across every data channel and repository. Integrated Enterprise DLP enables data protection and compliance everywhere without complexity.

Playbooks

Name	Description
DLP - Get User Feedback	Get the user feedback on a blocked file, whether it is false or true positive and if an exemption is needed.
DLP - User Message App Check	Check if the given message app exists and is configured and retrieve the user details from it.
DLP Alert Feedback Loop	This playbook handles Palo Alto Networks Enterprise DLP alerts. It Collects feedback from the user about blocked activities and automates the approval process, if required. Supported communication methods are Slack, Microsoft Teams and Email.
DLP - Get Approval	Get an approver response for an exemption request from a user.
DLP - Get User Feedback via Email	Get the user feedback via email on a blocked file, whether it is false or true positive and if an exemption is needed.

Required Content Packs (6)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR
Microsoft Teams	By: Cortex XSOAR
Slack	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (8)

Pack Name	Pack By
Microsoft Teams	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Slack	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Base	By: Cortex XSOAR
Common Scripts	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

2.0.10 - 962639 (April 17, 2024)

Integrations

Palo Alto Networks Enterprise DLP

Documentation and metadata improvements.
Updated the Docker image to: demisto/python3:3.10.14.92207.

Related pull requests:
- 33969

Download

2.0.9 - 755215 (January 10, 2024)

Integrations

Palo Alto Networks Enterprise DLP

Fixed an issue where the test button could fail.
Fixed an issue where authenticating with client credentials did not work properly.
Fixed an issue where the pan-dlp-reset-last-run command returned an error.
Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 31983

Download

2.0.8 - 752611 (January 9, 2024)

Scripts

DlpAskFeedback

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 32030

Download

2.0.7 - 721233 (December 27, 2023)

Integrations

Palo Alto Networks Enterprise DLP

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31808

Download

2.0.6 - 6521786 (October 5, 2023)

Integrations

Palo Alto Networks Enterprise DLP

Updated the integration not to display integration parameters information in the logs.
Updated the Docker image to: demisto/python3:3.10.13.75921.

Related pull requests:
- 30058

Download

2.0.5 - 6479322 (October 1, 2023)

Playbooks

DLP - Get User Feedback

Added the Exception requested feedback to the playbook flow, after the user requests for an exemption. This will update the incident on the DLP side with the feedback.

Related pull requests:
- 29960

Download

2.0.4 - 6253250 (September 6, 2023)

Layouts

Palo Alto Networks Enterprise DLP Incident Layout
Changed the Indicators query to filter out Benign results.

Playbooks

DLP Incident Feedback Loop

Updated the playbook's description

Related pull requests:
- 29359

Download

2.0.3 - 6180521 (August 29, 2023)

Integrations

Palo Alto Networks Enterprise DLP

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29291

Download

2.0.2 - 6020712 (August 11, 2023)

Integrations

Palo Alto Networks Enterprise DLP

Updated the Docker image to: demisto/python3:3.10.12.68714.

Related pull requests:
- 28901

Download

2.0.1 - 5883145 (July 27, 2023)

Integrations

Palo Alto Networks Enterprise DLP

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28544

Download

2.0.0 - R5866730 (July 25, 2023)

Incident Fields

New: DLP Detections

Integrations

Palo Alto Networks Enterprise DLP

Updated the Docker image to: demisto/python3:3.10.12.63474.
Updated command descriptions to a more generic use case and not just upload violations.
Updated the command pan-dlp-update-incident to include the feedback EXCEPTION_DENIED.

Layouts

Palo Alto Networks Enterprise DLP Incident Layout
Available from Cortex XSOAR 6.8.0:
Removed the Incident Details section.
Added the User Enrichment section.
Added additional fields to the Case Details section.
Added the Feedback and approvals section.
Added the Detections section.

Playbooks

New: DLP - Get Approval

New: Get an approver response for an exemption request from a user.
New: Get an approver response for an exemption request from a user.
New: Get an approver response for an exemption request from a user. (Available from Cortex XSOAR 6.8.0).

New: DLP - Get User Feedback

New: Get the user feedback on a blocked file, whether it is false or true positive and if an exemption is needed.
New: Get the user feedback on a blocked file, whether it is false or true positive and if an exemption is needed.
New: Get the user feedback on a blocked file, whether it is false or true positive and if an exemption is needed. (Available from Cortex XSOAR 6.8.0).

New: DLP - Get User Feedback via Email

New: Get the user feedback via email on a blocked file, whether it is false or true positive and if an exemption is needed.
New: Get the user feedback via email on a blocked file, whether it is false or true positive and if an exemption is needed.
New: Get the user feedback via email on a blocked file, whether it is false or true positive and if an exemption is needed. (Available from Cortex XSOAR 6.8.0).

New: DLP - User Message App Check

New: Check if the given message app exists and is configured and retrieve the user details from it.
New: Check if the given message app exists and is configured and retrieve the user details from it.
New: Check if the given message app exists and is configured and retrieve the user details from it. (Available from Cortex XSOAR 6.8.0).

DLP Incident Feedback Loop

Available from Cortex XSOAR 6.8.0:
Updated the main playbook with the following changes:

6 new playbook inputs:
- ApprovalTarget
- ActionOnApproverNotFound
- SendMailInstance
- UserMessageApp
- ApproverMessageApp
- DenyMessage
Added an approval process.
Added user details and file report in an Enrichment section.
Communications with the user and the manager had been configured separately.
Added an email communication channel.

Scripts

DlpAskFeedback

Updated the Docker image to: demisto/python3:3.10.12.63474.
Updated descriptions to a more generic use case and not just upload violations.

Related pull requests:
- 27612

Download

1.2.8 - 5618116 (June 26, 2023)

Integrations

Palo Alto Networks Enterprise DLP

Updated the Docker image to: demisto/python3:3.10.12.63474.

Related pull requests:
- 27709

Download

1.2.7 - 5371916 (May 26, 2023)

Integrations

Palo Alto Networks Enterprise DLP

Updated the Docker image to: demisto/python3:3.10.11.61265.

Related pull requests:
- 27001

Download

1.2.6 - 5241386 (May 11, 2023)

Integrations

Palo Alto Networks Enterprise DLP

Updated the Docker image to: demisto/python3:3.10.11.57890.

Related pull requests:
- 26448

Download

1.2.5 - R5170573 (May 2, 2023)

Integrations

Palo Alto Networks Enterprise DLP

Updated the Docker image to: demisto/python3:3.10.10.50695.

Related pull requests:
- 25583

Download

Certification	Certified	Read more
Supported By	Cortex
Created	November 20, 2020
Last Release	April 17, 2024

Enterprise DLP by Palo Alto Networks

Palo Alto Networks Enterprise DLP Content Pack

Palo Alto Networks Enterprise DLP Integration

Palo Alto Networks Enterprise DLP Content Pack

Palo Alto Networks Enterprise DLP Integration

Integrations

Palo Alto Networks Enterprise DLP

Integrations

Palo Alto Networks Enterprise DLP

Scripts

DlpAskFeedback

Integrations

Palo Alto Networks Enterprise DLP

Integrations

Palo Alto Networks Enterprise DLP

Playbooks

DLP - Get User Feedback

Layouts

Playbooks

DLP Incident Feedback Loop

Integrations

Palo Alto Networks Enterprise DLP

Integrations

Palo Alto Networks Enterprise DLP

Integrations

Palo Alto Networks Enterprise DLP

Incident Fields

Integrations

Palo Alto Networks Enterprise DLP

Layouts

Playbooks

New: DLP - Get Approval

New: DLP - Get User Feedback

New: DLP - Get User Feedback via Email

New: DLP - User Message App Check

DLP Incident Feedback Loop

Scripts

DlpAskFeedback

Integrations

Palo Alto Networks Enterprise DLP

Integrations

Palo Alto Networks Enterprise DLP

Integrations

Palo Alto Networks Enterprise DLP

Integrations

Palo Alto Networks Enterprise DLP

PUBLISHER

PLATFORMS

INFO

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER