How to configure Data Filtering Policy

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to configure Data Filtering Policy

L1 Bithead

I would like to know if there's a specific document that walks you through step-by-step of setting up data filtering.  I am running PA2020 v3.05.

I've read the Admin Guide v3.0, but it's very vague.  There's no information as to what weight # should be used or regular expression samples.

Thanks

9 REPLIES 9

L1 Bithead

I've found this document and it's explained in more detailed than the Admin Guide.

https://live.paloaltonetworks.com/docs/DOC-1048

L5 Sessionator

The article you found is the most complete guide to data filtering.  One caveat - the data must be a minimum of 7 bytes.  I've updated the article to reflect that.

Thank you very much for your response.

L5 Sessionator

We don't have step-by-step insructions on data filtering profiles, but you can contact Support for more information on how to create them. An example of a regular expression would be confidential or private (must be a minimum of 7 bytes). The weight is the vaule used in the calculation to determine the action to be taken when the keyword appears in session traffic.  Using confidential as an example, if you weight it with 2, each time the word appears during a session the count will increment by 2.  If you set up the data filtering profile to alert at 4 and block at 10, this means the word confidential appearing twice in the session will create an alert and it will be blocked if it appears 5 times.

Hi

what about if just want alert not block the Data.what will be the threshold

Set the threshold to zero to just alert and NOT block

     Hi J

Thanks for the info.My requirement is that i need to get alert word "confidential" in document appears 2 times but no need to block  that file.So ishould configure alert threshold 4 and leave the block threshold empty.Please correct my configuration.

Thanks

Shabeer

Hi,

one of our customers send us a question about the max. length of regular expression in Data Filtering Policy.

I just fimd an info that the minimum is 7 bytes but there are no data about the max. length.

Can you please help me ?

With  best regards, 

Bojan Lepenik

@lancom:

on the data pattern window "max 1024" characters.

see screengrab attached to this post:

-Benjamin

  • 6812 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!