From 2e85498fb8185f0690ff03d6a77a18ed452e1704 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Tue, 24 Sep 2024 15:01:16 -0500 Subject: [PATCH 1/5] Add profile links --- .../data-loss-prevention/dlp-profiles/advanced-settings.mdx | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings.mdx index f6f3f0e7550e25..e9f3c5f446d3fa 100644 --- a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings.mdx +++ b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings.mdx @@ -3,12 +3,11 @@ pcx_content_type: reference title: Profile settings sidebar: order: 4 - --- -import { Badge } from "~/components" +import { Badge } from "~/components"; -This page lists the advanced settings available when configuring a predefined or custom DLP profile. +This page lists the advanced settings available when configuring a [predefined](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/) or [custom](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/#build-a-custom-profile) DLP profile. ## Match count From c9e411d587c5d8051e578e033816e289c0d11e12 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Tue, 24 Sep 2024 15:05:21 -0500 Subject: [PATCH 2/5] Rename predefined profiles to match dash --- .../dlp-profiles/predefined-profiles.mdx | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx index 4b6a0d54f3e85d..60863045811c8d 100644 --- a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx 
+++ b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx @@ -7,7 +7,7 @@ sidebar: Cloudflare Zero Trust provides predefined DLP profiles for common types of sensitive data. Some profiles include built-in validation checks to increase detection granularity. Additionally, you can configure [advanced settings](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings/) for predefined profiles. -## Credentials and secrets +## Credentials and Secrets The following secrets are validated with regex. @@ -16,9 +16,9 @@ The following secrets are validated with regex. - Azure API keys - SSH keys -## Financial information +## Financial Information -Credit card numbers begin with a six or eight-digit Issuer Identification Number (IIN) and are followed by up to 23 additional digits. CVVs are not validated. +Credit card numbers begin with a six or eight-digit Issuer Identification Number (IIN) and are followed by up to 23 additional digits. Card verification values (CVVs) are not validated. | Detection entry | Notes | | -------------------------------- | --------------------------------------------------------------------------------- | @@ -35,7 +35,7 @@ Credit card numbers begin with a six or eight-digit Issuer Identification Number | United States ABA Routing Number | Validated algorithmically with checksum. | | IBAN | Validated with checksum. | -## Health information +## Health Information The following diagnosis and medication names are checked for surrounding ASCII characters to prevent false positives. 
@@ -43,9 +43,9 @@ The following diagnosis and medication names are checked for surrounding ASCII c - FDA drug names - ICD-10 FY2023 short descriptions -## National identifiers +## Social Security, Insurance, Tax, and Identifier Numbers -Detections are validated algorithmically when possible. +The following national identifier detections are validated algorithmically when possible. | Detection entry | Notes | | ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -64,7 +64,7 @@ Detections are validated algorithmically when possible. | United Kingdom NHS Number | Validated with checksum. | | United Kingdom National Insurance Number | Validated with regex. | -## Source code +## Source Code The following programming languages are validated with natural language processing (NLP). From db1bdd98e52628cee559459a6fc867ad7e44fd1b Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Tue, 24 Sep 2024 15:23:29 -0500 Subject: [PATCH 3/5] Add free plan note --- .../cloudflare-one/policies/data-loss-prevention/index.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx index 1e416c4e0e4ea3..27975e5f854285 100644 --- a/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx +++ b/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx 
@@ -7,8 +7,10 @@ sidebar: import { GlossaryDefinition } from "~/components"; -:::note +:::note[Availability] Available as an add-on to Zero Trust Enterprise plans. + +Users on Zero Trust Free and Pay-as-you-go plans can use the [Financial Information](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/#financial-information) and [Social Security, Insurance, Tax, and Identifier Numbers](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/#social-security-insurance-tax-and-identifier-numbers) predefined profiles in Gateway policies, [payload logging](/cloudflare-one/policies/data-loss-prevention/dlp-policies/payload-logging/), and [false positive reporting](/cloudflare-one/policies/data-loss-prevention/dlp-policies/#report-false-positives). ::: From 7c036660b595807835aa162ef6356f52424cbc17 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Tue, 24 Sep 2024 15:30:34 -0500 Subject: [PATCH 4/5] Add availability to predef profiles --- .../dlp-profiles/predefined-profiles.mdx | 12 ++++++++++++ .../policies/data-loss-prevention/index.mdx | 2 +- .../cloudflare-one/casb/data-loss-prevention.mdx | 5 ----- .../data-loss-prevention/predefined-profile.mdx | 1 - .../data-loss-prevention/profile-all-plans.mdx | 7 +++++++ 5 files changed, 20 insertions(+), 7 deletions(-) create mode 100644 src/content/partials/cloudflare-one/data-loss-prevention/profile-all-plans.mdx diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx index 60863045811c8d..4d2d34f1b1ea03 100644 --- a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx +++ b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles.mdx 
@@ -5,6 +5,8 @@ sidebar: order: 2 --- +import { Render } from "~/components"; + Cloudflare Zero Trust provides predefined DLP profiles for common types of sensitive data. Some profiles include built-in validation checks to increase detection granularity. Additionally, you can configure [advanced settings](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings/) for predefined profiles. ## Credentials and Secrets @@ -18,6 +20,11 @@ The following secrets are validated with regex. ## Financial Information + + Credit card numbers begin with a six or eight-digit Issuer Identification Number (IIN) and are followed by up to 23 additional digits. Card verification values (CVVs) are not validated. | Detection entry | Notes | @@ -45,6 +52,11 @@ The following diagnosis and medication names are checked for surrounding ASCII c ## Social Security, Insurance, Tax, and Identifier Numbers + + The following national identifier detections are validated algorithmically when possible. | Detection entry | Notes | diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx index 27975e5f854285..c29ad360682a68 100644 --- a/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx +++ b/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx 
@@ -10,7 +10,7 @@ import { GlossaryDefinition } from "~/components"; :::note[Availability] Available as an add-on to Zero Trust Enterprise plans. -Users on Zero Trust Free and Pay-as-you-go plans can use the [Financial Information](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/#financial-information) and [Social Security, Insurance, Tax, and Identifier Numbers](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/#social-security-insurance-tax-and-identifier-numbers) predefined profiles in Gateway policies, [payload logging](/cloudflare-one/policies/data-loss-prevention/dlp-policies/payload-logging/), and [false positive reporting](/cloudflare-one/policies/data-loss-prevention/dlp-policies/#report-false-positives). +Users on Zero Trust Free and Pay-as-you-go plans can use the [Financial Information](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/#financial-information) and [Social Security, Insurance, Tax, and Identifier Numbers](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/#social-security-insurance-tax-and-identifier-numbers) predefined profiles, [payload logging](/cloudflare-one/policies/data-loss-prevention/dlp-policies/payload-logging/), and [false positive reporting](/cloudflare-one/policies/data-loss-prevention/dlp-policies/#report-false-positives). ::: diff --git a/src/content/partials/cloudflare-one/casb/data-loss-prevention.mdx b/src/content/partials/cloudflare-one/casb/data-loss-prevention.mdx index 17531d4bb26a49..5f560329941481 100644 --- a/src/content/partials/cloudflare-one/casb/data-loss-prevention.mdx +++ b/src/content/partials/cloudflare-one/casb/data-loss-prevention.mdx @@ -1,10 +1,5 @@ --- {} - --- -
- These findings will only appear if you [added DLP profiles](/cloudflare-one/applications/scan-apps/casb-dlp/) to your CASB integration. - -
diff --git a/src/content/partials/cloudflare-one/data-loss-prevention/predefined-profile.mdx b/src/content/partials/cloudflare-one/data-loss-prevention/predefined-profile.mdx index df691e75cd5223..850bc2eb764325 100644 --- a/src/content/partials/cloudflare-one/data-loss-prevention/predefined-profile.mdx +++ b/src/content/partials/cloudflare-one/data-loss-prevention/predefined-profile.mdx @@ -1,6 +1,5 @@ --- {} - --- 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DLP** > **DLP Profiles**. diff --git a/src/content/partials/cloudflare-one/data-loss-prevention/profile-all-plans.mdx b/src/content/partials/cloudflare-one/data-loss-prevention/profile-all-plans.mdx new file mode 100644 index 00000000000000..376087701d7a00 --- /dev/null +++ b/src/content/partials/cloudflare-one/data-loss-prevention/profile-all-plans.mdx @@ -0,0 +1,7 @@ +--- +{} +--- + +:::note[Availability] +This predefined profile is available on all Zero Trust plans. +::: From 3fbda46722240d2d8f7352f290da737e0591b9e4 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Wed, 25 Sep 2024 12:11:35 -0500 Subject: [PATCH 5/5] Remove note from data in transit --- .../cloudflare-one/policies/data-loss-prevention/index.mdx | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx index c29ad360682a68..877ec0ba762697 100644 --- a/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx +++ b/src/content/docs/cloudflare-one/policies/data-loss-prevention/index.mdx 
@@ -17,11 +17,7 @@ Users on Zero Trust Free and Pay-as-you-go plans can use the [Financial Informat ## Data in transit -:::note -DLP requires [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) for visibility into data in transit. The depth of visibility varies for each site or application. -::: - -Data Loss Prevention complements [Secure Web Gateway](/cloudflare-one/policies/gateway/) to detect sensitive data transferred in HTTP requests. DLP scans the entire HTTP body, which may include [uploaded or downloaded files](#supported-file-types), chat messages, forms, and other web content. DLP does not scan non-HTTP traffic such as email, nor does it scan any traffic that bypasses Cloudflare Gateway (for example, traffic that matches a [Do Not Inspect](/cloudflare-one/policies/gateway/http-policies/#do-not-inspect) policy. +Data Loss Prevention complements [Secure Web Gateway](/cloudflare-one/policies/gateway/) to detect sensitive data transferred in HTTP requests. DLP scans the entire HTTP body, which may include [uploaded or downloaded files](#supported-file-types), chat messages, forms, and other web content. DLP does not scan non-HTTP traffic such as email, nor does it scan any traffic that bypasses Cloudflare Gateway (for example, traffic that matches a [Do Not Inspect](/cloudflare-one/policies/gateway/http-policies/#do-not-inspect) policy. The depth of visibility into data in transit varies for each site or application. To get started, refer to [Scan HTTP traffic with DLP](/cloudflare-one/policies/data-loss-prevention/dlp-policies/).
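
Review bot: In PATCH 2/5, the hunk at `@@ -43,9 +43,9 @@` of predefined-profiles.mdx renames `## National identifiers` to `## Social Security, Insurance, Tax, and Identifier Numbers`, which changes the heading's anchor, so any existing link to `#national-identifiers` would stop resolving. The other renames in this patch only change capitalization, and PATCH 3/5 links to `#financial-information` in lowercase, so this is the one heading whose fragment moves. Please search the docs for inbound links to the old fragment and update them in the same commit.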
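
Review bot: In PATCH 4/5, the index.mdx hunk at `@@ -10,7 +10,7 @@` drops "in Gateway policies" after "predefined profiles", so the availability note no longer says where Free and Pay-as-you-go users can apply the two profiles. If these plans can use the profiles everywhere a DLP profile is accepted, state that explicitly; if use is still limited to Gateway policies, keep the qualifier. The sentence was only introduced in PATCH 3/5, so the wording change could be squashed into that patch instead of rewriting the line twice in one series.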
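
Review bot: In PATCH 4/5, the hunk on src/content/partials/cloudflare-one/casb/data-loss-prevention.mdx deletes "These findings will only appear if you [added DLP profiles](/cloudflare-one/applications/scan-apps/casb-dlp/) to your CASB integration.", a prerequisite statement that is unrelated to the commit subject "Add availability to predef profiles". Nothing in the visible series re-adds it elsewhere. Either keep the sentence, or move the deletion to its own commit with a message that says where readers now learn about this dependency.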
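
Review bot: In PATCH 5/5, the added paragraph under `## Data in transit` carries over only the second sentence of the removed note and drops "DLP requires [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) for visibility into data in transit." That sentence is a prerequisite, not decoration: with it gone, the added text no longer tells readers that TLS decryption has to be in place before DLP can see HTTP bodies. Please fold it into the paragraph along with the sentence about depth of visibility. While this line is being touched, also close the parenthesis opened at "(for example, traffic that matches a [Do Not Inspect]", which is still unbalanced in the added line.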