Uploaded a file that had words “social_security_number” and action did not generate incidents

Uploaded a file that had words “social_security_number” and action did not generate incidents

995
Created On 12/02/24 21:57 PM - Last Modified 10/28/25 21:08 PM


Symptom


Incident won’t be generated for any file uploads

Environment


A typical environment consists of

  • Enterprise DLP 
  • Prisma Access or NGFW 
  • DLP plugins on Prisma Access or NGFW

Cause


The predefined pattern National Id - US Social Security Number - SSN within the profile does come with a set of many keywords. If the DLP rule has proximity set to High with a probability more than 1 and the file (to be or) that was uploaded doesn't not have predefined keywords, incident won’t be generated. The detections will show in low proximity. 

Resolution


Predefined data pattern only comes with certain amount of static keywords. Different customers have different use-cases where they look for various keywords. One way to get around this is via alternate methods

  • Clone or copy predefined pattern and add more keywords
  • Create a new custom pattern with regex and add more keywords
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sd3lCAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language