config security waf dlp-dictionary
Use this command to configure a DLP Dictionary object to use in the DLP Sensor. A DLP dictionary defines the patterns of data. The term "pattern" denotes a set of attributes specific to a given data type. For example, credit card numbers constitute numeric data that follow either the 14-digit or 16-digit patterns associated with credit cards. If the data adheres to these patterns, FortiADC will identify it as a match.
Before you begin:
- You must have a valid FortiGuard DLP service license and have enabled the service on FortiADC.
Syntax
config security waf dlp-dictionary
edit <name>
set match-type {any|all}
set description <string>
config entries
edit <name>
set status {enable|disable}
set fg-data-type {uk-iban|can-natl_id-sin|luhn-algo|can-natl_id-prox|can-pass|usa-pass-1|usa-pass-2|uk-pass|aus-pass|fra-pass|jpn-pass|can-health_service|can-phin|glb-cc-amex|glb-cc-bcgl|glb-cc-cabl|glb-cc-dinr|glb-cc-inst|glb-cc-jcb|glb-cc-kloc|glb-cc-lasr|glb-cc-maes|glb-cc-solo|glb-cc-disc|glb-cc-mc|glb-cc-visa|glb-cc-vsmc|usa-natl_id-ssn|can-dl-ab|can-dl-bc|can-dl-mb|can-dl-nb|can-dl-nl-2|can-dl-nl-1|can-dl-nt|can-dl-nu|can-dl-pe-1|can-dl-pe-2|can-dl-qc|can-dl-sk|can-dl-yt|usa-dl-al|usa-dl-ak|usa-dl-az|usa-dl-ar|usa-dl-co|usa-dl-ct|usa-dl-de|usa-dl-dc|usa-dl-fl|usa-dl-ga|usa-dl-hi|usa-dl-id|usa-dl-il|usa-dl-in|usa-dl-ia|usa-dl-ks|usa-dl-ky|usa-dl-la|usa-dl-me|usa-dl-md|usa-dl-ma|usa-dl-mi|usa-dl-mn|usa-dl-ms|usa-dl-mo|usa-dl-ne|usa-dl-nv|usa-dl-nh|usa-dl-nj|usa-dl-nm|usa-dl-ny|usa-dl-nc|usa-dl-oh|usa-dl-ok|usa-dl-or|usa-dl-pa|usa-dl-ri|usa-dl-sc|usa-dl-sd|usa-dl-tn|usa-dl-tx|usa-dl-ut|usa-dl-vt|usa-dl-va|usa-dl-wv|usa-dl-wi|usa-dl-wy|can-bank_account|usa-natl_id-prox|can-dl-ns|can-dl-on|usa-dl-ca|jpn-swift|usa-swift|usa-dl-nd|usa-dl-wa|uk-swift|deu-swift|fra-swift|aus-swift|chn-swift|can-sin}
set repeat {enable|disable}
next
end
next
end
|
match-type |
Select the match type:
|
|
description |
Comments about this DLP Dictionary object. |
|
config entries |
|
|
status |
Enable the Status if you intend to apply this data type. |
|
fg-data-type |
Select a FortiGuard Data Type:
|
|
repeat |
Enable this option if you want to match data exclusively when it appears multiple times. With this option enabled, you can specify the times of occurrence in the DLP Sensor settings. |
Example
config security waf dlp-dictionary
edit "user-defined-dict1"
set match-type any
set description "User Defined Dictionary 1"
config entries
edit 1
set status enable
set fg-data-type can-natl_id-sin
set repeat disable
next
end
next
end
Predefined DLP Sensor objects
You can use the following predefined DLP Dictionary objects in Data Loss Prevention rules.
| Predefined DLP Dictionary object |
Match Type |
Description |
|---|---|---|
| EICAR-TEST-FILE | Any | EICAR Test File for DLP |
| can-natl_id-pk | Any | |
|
can-natl_id-sin-dict |
Any |
Canadian SIN Card Number Dictionary |
|
glb-pass-pk |
Any |
|
|
can-pass-dict |
Any |
Canadian Passport Dictionary |
|
usa-pass-dict |
Any |
USA Passport Dictionary |
|
uk-pass-dict |
Any |
UK Passport Dictionary |
|
aus-pass-dict |
Any |
Australia Passport Dictionary |
|
fra-pass-dict |
Any |
France Passport Dictionary |
|
jpn-pass-dict |
Any |
Japan Passport Dictionary |
|
can-health_service-pk |
Any |
|
|
can-phin-pk |
Any |
|
|
can-phin-dict |
Any |
Canadian Personal Health Identification Number Dictionary |
|
can-health_service-dict |
Any |
Canadian Health Service Dictionary |
|
glb-cc-pk |
Any |
|
|
glb-cc-dict |
Any |
Global Credit Card Dictionary |
|
usa-natl_id-pk |
Any |
|
|
glb-dl-pk |
Any |
|
|
can-dl-dict |
Any |
Canadian Driver's License Dictionary |
|
can-bank_account-pk |
Any |
|
|
can-bank_account-dict |
Any |
Canadian Bank Account Dictionary |
|
usa-natl_id-ssn-dict |
Any |
USA SSN Card Number Dictionary |
|
glb-swift-pk |
Any |
|
|
source_code-python |
Any |
Python Source Code Dictionary |
|
source_code-c |
Any |
C Source Code Dictionary |
| source_code-java | Any | Java Source Code Dictionary |