config security waf sensitive-data-type
Use this command to configure a Sensitive Data Type object for the DLP Policy. A Sensitive Data Type object is referenced as part of the Data Loss Prevention (DLP) policy to prevent information damage and loss by specifying strings as sensitive data.
Syntax
config security waf sensitive-data-type
    edit <name>
        set regex <string>
        set description <string>
    next
end
regex | Specify the regex string used to match sensitive data. There are two predefined regex strings named Credit_Card_Number and US_Social_Security_Number. |
description | Comments about this profile. Describe what this profile is used for and what kind of data this regex is used to match. |
Example
config security waf sensitive-data-type
    edit "Credit_Card_Number"
        set regex "^3(?:[47]\\d([ -]?)\\d{4}(?:\\1\\d{4}){2}|0[0-5]\\d{11}|[68]\\d{12})$|^4(?:\\d\\d\\d)?([ -]?)\\d{4}(?:\\2\\d{4}){2}$|^6011([ -]?)\\d{4}(?:\\3\\d{4}){2}$|^5[1-5]\\d\\d([ -]?)\\d{4}(?:\\4\\d{4}){2}$|^2014\\d{11}$|^2149\\d{11}$|^2131\\d{11}$|^1800\\d{11}$|^3\\d{15}$"
        set description "For credit card numbers from MC, Visa, Amex, Diners/CarteBlanche, Discover/Novus, Enroute, and JCB. Matches 341-1111-1111-1111 | 5431-1111-1111-1111 | 30569309025904 Non-Matches 30-5693-0902-5904 | 5631-1111-1111-1111 | 31169309025904."
    next
end
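The check below is an added example, not part of the vendor documentation: it runs the Credit_Card_Number regex from the example above in Python's `re` against the Matches and Non-Matches listed in its description, then against a few constructed probes. It assumes the doubled backslashes are CLI escaping and that Python's engine behaves like the appliance's for this pattern; how the appliance splits content into strings before matching is not stated on this page.

```python
import re

# "set regex" value as shown in the CLI example above (backslashes doubled).
CLI_REGEX = (
    r"^3(?:[47]\\d([ -]?)\\d{4}(?:\\1\\d{4}){2}|0[0-5]\\d{11}|[68]\\d{12})$"
    r"|^4(?:\\d\\d\\d)?([ -]?)\\d{4}(?:\\2\\d{4}){2}$"
    r"|^6011([ -]?)\\d{4}(?:\\3\\d{4}){2}$"
    r"|^5[1-5]\\d\\d([ -]?)\\d{4}(?:\\4\\d{4}){2}$"
    r"|^2014\\d{11}$|^2149\\d{11}$|^2131\\d{11}$|^1800\\d{11}$|^3\\d{15}$"
)

def from_cli(value, flags=0):
    # Assumption: the CLI doubles backslashes, so "\\d" stands for the token \d.
    return re.compile(value.replace("\\\\", "\\"), flags)

# Samples copied from the object's description.
DOC_MATCHES = ["341-1111-1111-1111", "5431-1111-1111-1111", "30569309025904"]
DOC_NON_MATCHES = ["30-5693-0902-5904", "5631-1111-1111-1111", "31169309025904"]

# Constructed inputs (not from the page) probing separators and anchoring.
PROBES = [
    "5431 1111 1111 1111",             # same separator throughout
    "5431-1111 1111-1111",             # mixed separators
    "card=5431-1111-1111-1111",        # number embedded in a longer value
    "name=x\n5431-1111-1111-1111\n",   # number alone on one line of a body
]

def disagreements(pattern):
    """Documented samples whose result differs from the description."""
    bad = [s for s in DOC_MATCHES if not pattern.search(s)]
    return bad + [s for s in DOC_NON_MATCHES if pattern.search(s)]

def probe(pattern):
    """Match result for each constructed probe, in order."""
    return [bool(pattern.search(s)) for s in PROBES]

if __name__ == "__main__":
    whole = from_cli(CLI_REGEX)                   # ^ and $ bind to the whole string
    per_line = from_cli(CLI_REGEX, re.MULTILINE)  # ^ and $ bind to each line
    print("disagreements with description:", disagreements(whole))
    print("whole-string semantics:", probe(whole))
    print("per-line semantics    :", probe(per_line))
```

Every alternative is anchored with `^` and `$`, so the pattern matches only when the inspected string (or line, under multi-line semantics) is nothing but the card number, and the backreferences require the same separator throughout.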
Predefined Sensitive Data Type objects
Predefined Sensitive Data Type objects | Description |
---|---|
Credit_Card_Number | For credit card numbers from MC, Visa, Amex, Diners/CarteBlanche, Discover/Novus, Enroute, and JCB. Matches 341-1111-1111-1111 | 5431-1111-1111-1111 | 30569309025904 Non-Matches 30-5693-0902-5904 | 5631-1111-1111-1111 | 31169309025904. |
US_Social_Security_Number | This regex validates U.S. social security numbers, within the range of numbers that have been currently allocated. Matches 078-05-1120 | 078 05 1120 Non-Matches 987-65-4320 | 000-00-0000 | (555) 555-5555. |
 | This regex validates an email address. Matches example@fortinet.com Non-Matches @fortinet.com. |
URL | This regex validates a URL. Matches http://www.fortinet.com | https://127.0.0.1/path/example.php?name=test1 | ftp://user:pass@example.com:123 Non-Matches /fortinet.com. |
Numbers | This regex validates numbers. Matches 65535 Non-Matches a123. |
Strings | This regex validates a string. Matches abc Non-Matches abc123. |
Date/Time | This regex validates a date or time. Matches 29/02/1972 | 5-9-98 | 10-11-2002 | February 29, 2004 | 12:15 | 10:26:59 | 22:01:15 Non-Matches 32/12/2019. |
IP Address | This regex validates an IPv4 or IPv6 address. Matches 127.0.0.1 | FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 | ::FFFF:129.144.52.38 Non-Matches 256.0.0.1 | FEDC:BA98:7654:3210 | ::. |
GUID | This regex validates a globally unique identifier. Matches 2064d355-c0b9-41d8-9ef7-9d8b26524751 | 2064D355-C0B9-41D8-9EF7-9D8B26524751 Non-Matches 2064D355. |
US Phone | This regex validates a US phone number WITH area code. It is written to allow users to enter whatever delimiters they want or no delimiters at all. Matches 111-222-3333 | 111.222.3333 | (111) 222-3333 | 1112223333 Non-Matches + 41 111-222-3333. |
US ZIP Code | This regex validates US zip codes. Matches all zip codes of exactly 5 digits except 00000. Optionally, matches zip5+zip4 where zip5 is exactly 5 digits, zip4 is exactly 4 digits, and zip5 and zip4 are, optionally, separated by a single space or hyphen. Captures zip5 and zip4 to named groups to facilitate program manipulation. Matches 12345 | 123456789 | 12345-6789 Non-Matches 123456. |
US State Name and Abbrev. | This regex validates the names and abbreviations of the 50 US states, case insensitive. Matches California | NewYork | North Carolina | AL. |
US Street Address | This regex validates a US Street Address. Matches 123 Lincoln Avenu | 123 West Main St | 12345 Via De La Rosa Non-Matches Lincoln Avenu. |
UK Vehicle Registration | This regex validates a UK vehicle registration under the system currently in use (as defined by the DVLA and put into effect from September 2001, and therefore does not allow registrations prior to this date). Matches AB51DVL | AB 51 DVL Non-Matches AB-51-DVL. |
UK Bank Sort Code | This regex validates the format of a UK bank sort code. Matches 20-40-36 | 50-25-48 | 45-85-66 Non-Matches 204036. |
Post Office Box | This regex validates a Post Office Box. Matches P. O. Box | p.o. box | PO Box | po box Non-Matches office box. |
Chinese ID card | This regex validates a Chinese ID card number. Matches 2064d355-c0b9-41d8-9ef7-9d8b26524751 | 2064D355-C0B9-41D8-9EF7-9D8B26524751 Non-Matches 2064D355. |
Chinese phone | This regex validates a Chinese telephone number. Matches 86 13512341234 | +86 15812341234 | 86 13612341234 Non-Matches 14012341234. |
Australian Phone | This regex validates an Australian telephone number. It covers most Australian telephone numbers, including 13, 1300, 1800, 1900, STD and international +61- format numbers. It allows optional spaces, dashes and brackets in most cases. Matches 1300 123 123 | 1300123123 | +61212341234 | (02) 1234-1234 | 02 1234 1234 Non-Matches 1400123123. |
Canadian Postal Code | Canadian Postal Code format is (A1A 1X1) or (a1a 1x1). It is made up of two parts: Forward Sortation Area (FSA) and Local Delivery Unit (LDU). Read more on Wikipedia. The letters D, F, I, O, Q, or U are not used in postal codes. Matches M1R 4B0 | L0R 1B1 | L0R1B9 Non-Matches MDR 4B0. |