How to migrate data profiles impacted by deprecated predefined data patterns.

• Enterprise DLP,
• Strata Cloud Manager

Enterprise DLP has deprecated the following predefined data patterns and converted them into Predefined document types. 

Note: This change impacts Enterprise DLP and Email DLP products only, and does not impact SaaS Security or any other Palo Alto Networks security product that offers predefined data patterns. 

• Bank - Bankruptcy Filings
• Bank - Statements
• Financial - Form_1040
• Financial - Form_1099
• Financial - Form_1120
• Financial - Form_w-2
• Financial - Form_w-9
• Financial - Invoice
• Financial - Paystubs
• Legal - Business Agreements
• Legal - Lawsuits
• Legal - Merger and acquisition
• Legal - Patent Filings

Data profiles that use any of the now deprecated predefined data patterns need to be migrated to replace the deprecated data patterns with the new predefined document types.

1. Log in to Strata Cloud Manager.
2. Select Manage > Configuration > Data Loss Prevention > Data Profiles.
3. In your list of data profiles, locate and click a data profile labeled with Migration Needed.
4. Migration can be achieved using two options - Automated or Manual.

 

Data Profile Category	Supported Migration
Classic-Basic	Automated
Classic - Advanced	Recreate data profile as Advanced Profile
Advanced - Advanced	Automated or Manual

 

 

Automated Migration:

For an Automated migration, click Migrate in the the data profile details side panel which will make the necessary changes automatically.

GUI: Manage > Configuration > Data Loss Prevention > Data Profiles

Note:

• Automated migration or Manual migration is not supported for Data profiles that belong to the category Mode - classic and type advanced.
• End users will have to re-create this data profile as a advanced data profile and incorporate the data profile definition.

Manual Migration:

1. Edit the data Profile

2. Locate the data patterns labeled with Migration Needed. 
3. Make note of the data pattern traffic match configuration. You will need to reconfigure this for the new predefined document type 
4. Delete the deprecated predefined data pattern.

 

5. Add the new predefined document types/templates to the data profile.
   1. Select Add > Document Types

 

2. Select the predefined document type and configure the match criteria.

 

6. Repeat Steps 4 and 5 to add the remaining predefined document types.
7. Save.

After either Automated or Manual migration, you are redirected back to the Data Profiles page.
A prompt displays that the data profile was saved successfully and the Migration Needed label is now removed from the impacted data profile.

Recreate Data Profile as an Advanced Profile:

1. Identify the Classic Basic data profile.

2. Select Manage > Configuration > NGFW and Prisma Access > Security Services > Profile Groups to edit the Profile Group that the impacted data profile is associated with and delete it from the Profile Group. Click Save to continue.
3. Select Manage > Configuration > Enterprise DLP > Data Profiles and edit the impacted data profile to capture the existing match criteria. You will need this information to recreate the data profile in the next steps.
4. Click Cancel to exit the data profile editor.
5. Select Add New Profile > Advanced Data Profile.
6. Recreate the data profile using the match criteria you captured in the previous step.
7. Save.
8. Add the new data profile back to the Profile Group you modified in Step 3 and Save.
9. Select Push Config > Push and push the changes.