Cust Data Pattern for Azure Information Protection (AIP)

Highlighted
L0 Member

Cust Data Pattern for Azure Information Protection (AIP)

Hello,

 

We're looking to leverage Palo Data Filtering to provide some DLP in our enterprise.  PANOS 8.0.12 on a 5020 pair. 
Microsoft shop running Win 10, and we have implemented Microsoft Azure Information Protection (AIP), which is MS's labeling/protection mechanism.  

MS Publishes the DLP Tag information here.   They call it a 'Custom Property.'   I have the GUIDs for the tags we use from our MS guys.  

How do I setup a Custom Data Pattern to match that?   If you pick a file property for file type MS Word, your options are:
Author 

Category
Classification

Description/Comments
Keywords/Tags

Sensitivity
Subject
Title

TITUS GUID

I know TITUS is a proprietary DLP solution.  Sensitivity and Classification don't seem to work.  Something else?  Trial and error?   Or do we have to do this via REGEX?  

L7 Applicator

Re: Cust Data Pattern for Azure Information Protection (AIP)

@David_Ball

Your only option here is to use regex.

(And you could create a feature request that Paloalto may be support the AIP label)

L0 Member

Re: Cust Data Pattern for Azure Information Protection (AIP)

@David_Ball - Were you able to get this working? I am in the same situation-- would you mind sharing waht you did to get this to work? Possibly even share your RegEx if you could please?

L0 Member

Re: Cust Data Pattern for Azure Information Protection (AIP)

Hey Josh, 

 

No, I haven't messed with it much.  We did put in a Feature Request to get Palo to recongize the AIP data tags.  Contact your sales engineer to get on the request.  Its FR 9958.  

I'll hopefully get to play with the REGEX more this week.  I'll let you know if I get anything functional. 

L7 Applicator

Re: Cust Data Pattern for Azure Information Protection (AIP)


@David_Ball wrote:

We did put in a Feature Request to get Palo to recongize the AIP data tags.  Contact your sales engineer to get on the request.  Its FR 9958. 


Thx for mentionning the FR ID. I added the ID to the consolidated list here in the Live community: https://live.paloaltonetworks.com/t5/General-Topics/Feature-Request-List/td-p/209128/

L7 Applicator

Re: Cust Data Pattern for Azure Information Protection (AIP)

@David_Ball 

There were some updates in Content Update version 8129 regarding Azure Information Protection Data Labels:

https://downloads.paloaltonetworks.com/content/content-8129-5331.html?__gda__=1552150224_51301373809...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!