Configuring a Sensitive Data Type object
A Sensitive Data Type object is referenced by a Data Leak Prevention (DLP) rule. It specifies the strings to treat as sensitive data so that the rule can prevent information damage and loss.
Before you begin:
- Configure a virtual server with a WAF Profile.
Predefined Sensitive Data Type objects
You can use the following predefined Sensitive Data Type objects as they are, or clone one to use as a template.
Predefined Sensitive Data Type objects | Description |
---|---|
Credit_Card_Number | For credit card numbers from MC, Visa, Amex, Diners/CarteBlanche, Discover/Novus, Enroute, and JCB. Matches: `341-1111-1111-1111`, `5431-1111-1111-1111`, `30569309025904`. Non-matches: `30-5693-0902-5904`, `5631-1111-1111-1111`, `31169309025904`. |
US_Social_Security_Number | This regex validates U.S. social security numbers within the range of numbers that have currently been allocated. Matches: `078-05-1120`, `078 05 1120`. Non-matches: `987-65-4320`, `000-00-0000`, `(555) 555-5555`. |
 | This regex validates an email address. Matches: `example@fortinet.com`. Non-matches: `@fortinet.com`. |
URL | This regex validates a URL. Matches: `http://www.fortinet.com`, `https://127.0.0.1/path/example.php?name=test1`, `ftp://user:pass@example.com:123`. Non-matches: `/fortinet.com`. |
Numbers | This regex validates numbers. Matches: `65535`. Non-matches: `a123`. |
Strings | This regex validates a string. Matches: `abc`. Non-matches: `abc123`. |
Date/Time | This regex validates dates and times. Matches: `29/02/1972`, `5-9-98`, `10-11-2002`, `February 29, 2004`, `12:15`, `10:26:59`, `22:01:15`. Non-matches: `32/12/2019`. |
IP Address | This regex validates an IPv4 or IPv6 address. Matches: `127.0.0.1`, `FEDC:BA98:7654:3210:FEDC:BA98:7654:3210`, `::FFFF:129.144.52.38`. Non-matches: `256.0.0.1`, `FEDC:BA98:7654:3210`, `::`. |
GUID | This regex validates a globally unique identifier. Matches: `2064d355-c0b9-41d8-9ef7-9d8b26524751`, `2064D355-C0B9-41D8-9EF7-9D8B26524751`. Non-matches: `2064D355`. |
US Phone | This regex validates a US phone number WITH area code. It is written to allow users to enter whatever delimiters they want or no delimiters at all. Matches: `111-222-3333`, `111.222.3333`, `(111) 222-3333`, `1112223333`. Non-matches: `+ 41 111-222-3333`. |
US ZIP Code | This regex validates US zip codes. Matches all zip codes of exactly 5 digits except 00000. Optionally, matches zip5+zip4 where zip5 is exactly 5 digits, zip4 is exactly 4 digits, and zip5 and zip4 are, optionally, separated by a single space or hyphen. Captures zip5 and zip4 to named groups to facilitate program manipulation. Matches: `12345`, `123456789`, `12345-6789`. Non-matches: `123456`. |
US State Name and Abbrev. | This regex validates the names and abbreviations of the 50 US states, case-insensitive. Matches: `California`, `NewYork`, `North Carolina`, `AL`. |
US Street Address | This regex validates a US street address. Matches: `123 Lincoln Avenu`, `123 West Main St`, `12345 Via De La Rosa`. Non-matches: `Lincoln Avenu`. |
UK Vehicle Registration | This regex validates a registration under the UK vehicle registration system currently in use (as defined by the DVLA and put into effect from September 2001, and therefore does not allow registrations prior to this date). Matches: `AB51DVL`, `AB 51 DVL`. Non-matches: `AB-51-DVL`. |
UK Bank Sort Code | This regex validates the format of a UK bank sort code. Matches: `20-40-36`, `50-25-48`, `45-85-66`. Non-matches: `204036`. |
Post Office Box | This regex validates a Post Office Box. Matches: `P. O. Box`, `p.o. box`, `PO Box`, `po box`. Non-matches: `office box`. |
Chinese ID card | This regex validates a Chinese ID card number. Matches: `2064d355-c0b9-41d8-9ef7-9d8b26524751`, `2064D355-C0B9-41D8-9EF7-9D8B26524751`. Non-matches: `2064D355`. |
Chinese phone | This regex validates a Chinese telephone number. Matches: `86 13512341234`, `+86 15812341234`, `86 13612341234`. Non-matches: `14012341234`. |
Australian Phone | This regex validates an Australian telephone number. It covers most Australian telephone numbers, including 13, 1300, 1800, 1900, STD and international +61- format numbers. It allows optional spaces, dashes and brackets in most cases. Matches: `1300 123 123`, `1300123123`, `+61212341234`, `(02) 1234-1234`, `02 1234 1234`. Non-matches: `1400123123`. |
Canadian Postal Code | The Canadian postal code format is (A1A 1X1) or (a1a 1x1). It is made up of two parts: the Forward Sortation Area (FSA) and the Local Delivery Unit (LDU). The letters D, F, I, O, Q, or U are not used in postal codes. Matches: `M1R 4B0`, `L0R 1B1`, `L0R1B9`. Non-matches: `MDR 4B0`. |
To configure a Sensitive Data Type object:
- Go to Web Application Firewall > Sensitive Data Protection.
  The configuration page displays the Sensitive Data Type tab.
- Click Create New.
- Configure the following settings:

Setting | Description |
---|---|
Name | Enter the name of the Sensitive Data Type. You will use the name to select the Sensitive Data Type profile in Data Leak Prevention profiles. No spaces. |
Description | Comments about this profile. Describe what this profile is used for and what kind of data this regex is used to match. |
Regex | Specify the regex string used to match sensitive data. There are two pre-defined regex strings named Credit_Card_Number and US_Social_Security_Number. |

- Click Save.
After the Sensitive Data Type configuration is saved, you can reference this object in the Data Leak Prevention rule.
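
Before saving a custom pattern in the Regex field, it is worth checking it against match and non-match samples like those listed for the predefined objects. The Python code below is an added example, not the product's own patterns or tooling: the object names, the three candidate regexes and the sample body are assumptions written for illustration, and the appliance's regex engine may use a different syntax (for example for named groups) than Python's `re`.

```python
import re

# Candidate regexes written for this example (assumptions, not the appliance's
# predefined patterns). Sample values are the ones listed in the table above.
CANDIDATES = {
    "US_ZIP_Code": {
        # zip5 (never 00000), optional zip4 after one optional space or hyphen.
        "regex": r"(?P<zip5>(?!00000)\d{5})(?:[ -]?(?P<zip4>\d{4}))?",
        "match": ["12345", "123456789", "12345-6789"],
        "non_match": ["123456", "00000"],
    },
    "UK_Bank_Sort_Code": {
        "regex": r"\d{2}-\d{2}-\d{2}",
        "match": ["20-40-36", "50-25-48", "45-85-66"],
        "non_match": ["204036"],
    },
    "Canadian_Postal_Code": {
        # D, F, I, O, Q and U are excluded from every letter position.
        "regex": r"(?i:[A-CEGHJ-NPR-TV-Z]\d[A-CEGHJ-NPR-TV-Z] ?\d[A-CEGHJ-NPR-TV-Z]\d)",
        "match": ["M1R 4B0", "L0R 1B1", "L0R1B9"],
        "non_match": ["MDR 4B0"],
    },
}

def verify(entry):
    """Return (missed, leaked): samples the regex classifies wrongly as whole strings."""
    rx = re.compile(entry["regex"])
    missed = [s for s in entry["match"] if not rx.fullmatch(s)]
    leaked = [s for s in entry["non_match"] if rx.fullmatch(s)]
    return missed, leaked

def find_in_body(regex, body, bounded=True):
    """List hits in free text; bounded=True rejects hits glued to other letters or digits."""
    if bounded:
        regex = r"(?<![0-9A-Za-z])(?:" + regex + r")(?![0-9A-Za-z])"
    return [m.group(0) for m in re.finditer(regex, body)]

# Constructed response body (not from the page) with one over-long digit run.
BODY = "ref 123456 sort code 20-40-36 ship to M1R 4B0 zip 12345-6789"

if __name__ == "__main__":
    for name, entry in CANDIDATES.items():
        print(name, verify(entry), find_in_body(entry["regex"], BODY))
    zip_rx = CANDIDATES["US_ZIP_Code"]["regex"]
    print("unbounded ZIP:", find_in_body(zip_rx, BODY, bounded=False))
```

Without the boundary assertions, the ZIP pattern reports `12345` from inside the six-digit reference `123456`, which the table lists as a non-match; this is the kind of false positive to rule out before referencing the object in a Data Leak Prevention rule.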