Enabling non file type on a DLP rule did not create DLP incidents for non file type traffic
Created On 12/02/24 22:35 PM - Last Modified 01/09/25 21:25 PM
Symptom
Incidents are not generated for non file type data.
Environment
- Enterprise DLP
- DLP plugin on Prisma Access or NGFW environment
Cause
- The data profile that is part of the DLP rule is a nested data profile.
- In the nested data profile, non file type is enabled on one or a few of the data profiles but not on all of them.
- In this case, the non file type action and detection will not trigger incidents.
- For a successful pattern match and for an incident to trigger, all data profiles in the nested data profile of the DLP rule should have non file type enabled.
Resolution
Ensure all data profiles in the nested data profile have non file type enabled.