By default, the data blocked by a data filtering profile is not automatically collected. This document describes how to enable the data capture and manage the password for data protection.
To enable data capture for content matching data filtering patterns:
Open the data filtering profile to enable data capturing:
Objects > Security Profiles > Data Filtering
Edit an existing filter or click "Add" to create a new data filter.
In the edit window, click on the Data Capture box to enable.
Since the data filtering profile has the potential to capture sensitive information such as credit card and social security numbers, PAN-OS requires a data protection password to be configured before packets will be captured. This password will be used to control who can view and download the data captures.
To manage the data protection password from the WebGUI:
Go to Device > Setup > Content-ID.
Click on Manage Data Protection.
In Manage Data Protection dialog, select Set Password for Action:
When the password is set, the Action menu includes options to change or delete the password:
To manage the data protection password from the CLI: