ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.
Palo Alto Networks provides details about the Default Data Pattern in Prisma SaaS. See why it's important to enable this default setting early. Prisma SaaS Customer Success Engineer, Nick Trubic, has all the details.
A Conversation About Default Data Patterns in Prisma SaaS
I was talking with one of our Prisma SaaS Customer Success Engineers, Nick Trubic, about default policies. I asked, "who should apply them, when and why?" Rather than dive into a discussion about the value of default policies, he steered the conversation towards enabling default data patterns.
Default Data Patterns are Useful
Nick described the advantage of applying default data patterns early during Prisma SaaS onboarding. When you apply default data patterns then you don’t need to rescan the app when you apply a new policy. This gives Prisma SaaS the opportunity to categorize the assets when apps are attached. When you create a policy for that app then there’s no need for it to scan backwards for existing assets. The actions defined in the new policy are then applied based on the metadata already collected. Scanning continues going forward and policies are applied to new assets found.
Example default data patterns in Prisma SaaS
What happens if you setup a policy before default data patterns?
I asked what happens if policies are applied before default data patterns. It turns out that Prisma SaaS will then scan for the data patterns specified in the policy then apply actions in the policy. Nick mentioned that you can always add the default data patterns later then trigger a rescan of your assets. Prisma SaaS will then rescan against those data patterns. A rescan doesn’t fetch assets again, but it does apply the new policy to the data patterns associated with the metadata already collected.
Nick was careful to point out that if you modify a policy then a rescan is automatically triggered. The new rescan will go looking for assets that meet the established data patterns.
App re-scan menu option
When should you apply default policies?
It looks pretty clear that the answer is after applying default data patterns.