Create a Data Loss Prevention Profile

Procedure

Step 1

Navigate to Policies > Profiles > Data Loss Prevention.

Step 2

Click Create Intrusion Profile.

Step 3

Select Data Loss Prevention.

Step 4

Provide a unique Name and enter a description for the profile.

Step 5

Enter the DLP FIlter List in the table.

Step 6

Click Add to insert more rows as needed.

Step 7

Provide a Description for the filter.

Step 8

Choose a predefined static pattern (e.g CVE Number) from the dropdown list or provide a custom Regular expression.

Step 9

Provide a count to define the number of times the pattern must be seen in the traffic.

Step 10

Select an Action to take if the pattern matches the count number of times.

Note

There are cases where the pre-defined pattern for AWS Access Key and AWS Secret Key doesn’t match in DLP inspection due to pattern being more restrictive. Use the following relaxed custom pattern in DLP profile to detect AWS Access Key and AWS Secret Key. Be aware that this could generate false positives log events.

AWS Access Key: (?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9])

AWS Secret Key: (?<![AZa-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])

What to do next

Attach the profile to a policy rule set. See Rule Sets and Rule Set Groups for more information.