Palo Alto Networks Knowledgebase: Enable data capture for data filtering and manage data protection password

Enable data capture for data filtering and manage data protection password

(588 Views)
Created On 09/26/18 13:51 PM - Last Updated 09/26/18 14:00 PM
Categories: 

Issue:


Solution:


Overview

By default, the data blocked by a data filtering profile is not automatically collected. This document describes how to enable the data capture and manage the password for data protection.

 

To enable data capture for content matching data filtering patterns:

  1. Open the data filtering profile to enable data capturing:

    Objects > Security Profiles > Data Filtering

  2. Edit an existing filter or click "Add" to create a new data filter.
  3. In the edit window, click on the Data Capture box to enable.

 

Since the data filtering profile has the potential to capture sensitive information such as credit card and social security numbers, PAN-OS requires a data protection password to be configured before packets will be captured. This password will be used to control who can view and download the data captures.

 

To manage the data protection password from the WebGUI:

  1. Go to Device  > Setup > Content-ID.
  2. Click on Manage Data Protection.
  3. In Manage Data Protection dialog, select Set Password for Action:
    Capture12.PNG
  4. When the password is set, the Action menu includes options to change or delete the password:
    Capture13.PNG

 

To manage the data protection password from the CLI:

Create password

>request data-filtering access-password create password <value>

Change password

> request data-filtering access-password modify new-password <value> old-password <value>

Delete password

> request data-filtering access-password delete

 

owner: knarra1

Attachments:

Actions:
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClvlCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Change Language: