An effective data loss prevention (DLP) system allows an organization to define specific applications as sensitive. This enables the system to monitor and control the transmission of critical information, preventing its unauthorized release.
When creating a data-in-motion rule, you can provide the source of the sensitive data and must provide the intended destination. For both the source and the destination of the data-in-motion rule, you must select the relevant application groups (custom local application group). The application groups are composed of predefined endpoint applications as defined by Palo Alto (local application).
Predefined applications are indicated by "Created by: Palo Alto Networks" in the All Applications table. For predefined applications, you do not see details such as URLs/Domains, Process names, and Signers. You cannot edit or delete these applications.
You can create only a Custom Web Application.
Endpoint application type:
After creating the application, you can select it from the application groups.
Predefined local applications: The following apps and services are supported.
FTP, SFTP and FTPS apps:
FileZilla
OpenSSH
WinSCP
SSH and RDP apps:
PuTTY
Custom Web application: In DLP, a web application refers to any software accessed via a web browser (e.g., cloud services, webmail, social media). Web DLP focuses on inspecting and controlling sensitive data as it travels over these internet-based channels, preventing unauthorized sharing or exfiltration. Palo Alto Networks has its own list of predefined applications. The Palo Alto predefined web applications cannot be edited or removed.