Has anyone implemented DLP on the Palo Alto firewalls that actually provides consistent results? I am struggling to get even something as simple as a regular SSN# to log and alert every time. I am using the built-in regex for SSN and SSN without dashes and have SSL decryption running on the traffic. I will upload 8 or 9 files, each with a separate SSN#, and 3 of them will show up in the logs with odd file names like "=?UTF-8?Q?Tim_-_WebUpload=5fSSN_Test_-_.txt?=". The others won't log anything, but it almost always kicks out a file name of "document.xml.rels" as another log. Any ideas?