Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DLP] Free/paygo plan features #17074

Merged
merged 5 commits into from
Sep 25, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,11 @@ pcx_content_type: reference
title: Profile settings
sidebar:
order: 4

---

import { Badge } from "~/components"
import { Badge } from "~/components";

This page lists the advanced settings available when configuring a predefined or custom DLP profile.
This page lists the advanced settings available when configuring a [predefined](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/) or [custom](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/#build-a-custom-profile) DLP profile.

## Match count

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,11 @@ sidebar:
order: 2
---

import { Render } from "~/components";

Cloudflare Zero Trust provides predefined DLP profiles for common types of sensitive data. Some profiles include built-in validation checks to increase detection granularity. Additionally, you can configure [advanced settings](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/advanced-settings/) for predefined profiles.

## Credentials and secrets
## Credentials and Secrets

The following secrets are validated with regex.

Expand All @@ -16,9 +18,14 @@ The following secrets are validated with regex.
- Azure API keys
- SSH keys

## Financial information
## Financial Information

<Render
file="profile-all-plans"
product="cloudflare-one/data-loss-prevention"
/>

Credit card numbers begin with a six or eight-digit Issuer Identification Number (IIN) and are followed by up to 23 additional digits. CVVs are not validated.
Credit card numbers begin with a six or eight-digit Issuer Identification Number (IIN) and are followed by up to 23 additional digits. Card verification values (CVVs) are not validated.

| Detection entry | Notes |
| -------------------------------- | --------------------------------------------------------------------------------- |
Expand All @@ -35,17 +42,22 @@ Credit card numbers begin with a six or eight-digit Issuer Identification Number
| United States ABA Routing Number | Validated algorithmically with checksum. |
| IBAN | Validated with checksum. |

## Health information
## Health Information

The following diagnosis and medication names are checked for surrounding ASCII characters to prevent false positives.

- FDA active ingredients
- FDA drug names
- ICD-10 FY2023 short descriptions

## National identifiers
## Social Security, Insurance, Tax, and Identifier Numbers

<Render
file="profile-all-plans"
product="cloudflare-one/data-loss-prevention"
/>

Detections are validated algorithmically when possible.
The following national identifier detections are validated algorithmically when possible.

| Detection entry | Notes |
| ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
Expand All @@ -64,7 +76,7 @@ Detections are validated algorithmically when possible.
| United Kingdom NHS Number | Validated with checksum. |
| United Kingdom National Insurance Number | Validated with regex. |

## Source code
## Source Code

The following programming languages are validated with natural language processing (NLP).

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,19 +7,17 @@ sidebar:

import { GlossaryDefinition } from "~/components";

:::note
:::note[Availability]
Available as an add-on to Zero Trust Enterprise plans.

Users on Zero Trust Free and Pay-as-you-go plans can use the [Financial Information](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/#financial-information) and [Social Security, Insurance, Tax, and Identifier Numbers](/cloudflare-one/policies/data-loss-prevention/dlp-profiles/predefined-profiles/#social-security-insurance-tax-and-identifier-numbers) predefined profiles, [payload logging](/cloudflare-one/policies/data-loss-prevention/dlp-policies/payload-logging/), and [false positive reporting](/cloudflare-one/policies/data-loss-prevention/dlp-policies/#report-false-positives).
:::

<GlossaryDefinition term="Cloudflare Data Loss Prevention (DLP)" />

## Data in transit

:::note
DLP requires [TLS decryption](/cloudflare-one/policies/gateway/http-policies/tls-decryption/) for visibility into data in transit. The depth of visibility varies for each site or application.
:::

Data Loss Prevention complements [Secure Web Gateway](/cloudflare-one/policies/gateway/) to detect sensitive data transferred in HTTP requests. DLP scans the entire HTTP body, which may include [uploaded or downloaded files](#supported-file-types), chat messages, forms, and other web content. DLP does not scan non-HTTP traffic such as email, nor does it scan any traffic that bypasses Cloudflare Gateway (for example, traffic that matches a [Do Not Inspect](/cloudflare-one/policies/gateway/http-policies/#do-not-inspect) policy.
Data Loss Prevention complements [Secure Web Gateway](/cloudflare-one/policies/gateway/) to detect sensitive data transferred in HTTP requests. DLP scans the entire HTTP body, which may include [uploaded or downloaded files](#supported-file-types), chat messages, forms, and other web content. DLP does not scan non-HTTP traffic such as email, nor does it scan any traffic that bypasses Cloudflare Gateway (for example, traffic that matches a [Do Not Inspect](/cloudflare-one/policies/gateway/http-policies/#do-not-inspect) policy. The depth of visibility into data in transit varies for each site or application.

To get started, refer to [Scan HTTP traffic with DLP](/cloudflare-one/policies/data-loss-prevention/dlp-policies/).

Expand Down
Original file line number Diff line number Diff line change
@@ -1,10 +1,5 @@
---
{}

---

<div class="special-class" markdown="1">

These findings will only appear if you [added DLP profiles](/cloudflare-one/applications/scan-apps/casb-dlp/) to your CASB integration.

</div>
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
---
{}

---

1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DLP** > **DLP Profiles**.
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
{}
---

:::note[Availability]
This predefined profile is available on all Zero Trust plans.
:::
Loading