Fortinet black logo

online help

Home FortiCASB 20.2.0 online help

Customized Policy

20.2.0
24.1.b
24.1.a
23.4.a
23.3.a
23.2.b
23.2.a
23.1.0
22.4.0
21.4.0
21.2.0
21.1.0
20.4.1
20.4.0
20.3.0
20.2.0
20.1.0
4.2.0
4.1.0
2.1.0
Copy Link
Copy Doc ID ceffee45-ba54-11ea-8b7d-00505692583a:742299

Customized Policy

FortiCASB allows you to create personalized policies to suit your organization needs.

To add a custom policy, go to Threat Protection > Customized and click Add.

Custom policies focus on two aspects, content monitoring and activity monitoring. Content monitoring is primarily used to monitor files for sensitive data. Activity monitoring is primarily used to monitor users and user activities.

The following examples illustrate how to create some common custom policies.

Example 1: To monitor all downloads of a public link containing sensitive data

To receive an alert whenever a file containing sensitive data is downloaded from a public link, use the Exposure setting along with the Data Pattern setting. For example, to monitor a Salesforce link containing a social security number:

  1. Go to the Content tab.
  2. Select Specific Data Patterns, on the right.
  3. Click the box labeled Data Pattern, then select DLP SSN.
  4. Click the box labeled Exposure, then select SALESFORCE_LINK.
  5. Go to the Activity tab.
  6. Select Specific Events, on the right.
  7. Click the box labeled Event, then select Download File.
  8. Configure any other settings as needed.

Example 2: To monitor all activities of a group of users

To receive an alert whenever a specific user or group of users performs any action, use the User setting. For example, to monitor a group of users:

  1. Go to the Activity tab.
  2. Select Specific Users, on the right.
  3. Click the box labeled User, then select users to monitor. Alternatively, check the Exclude box on the right to monitor all users besides the ones selected.
  4. Configure any other settings as needed.

Previous
Next

Customized Policy

FortiCASB allows you to create personalized policies to suit your organization needs.

To add a custom policy, go to Threat Protection > Customized and click Add.

Custom policies focus on two aspects, content monitoring and activity monitoring. Content monitoring is primarily used to monitor files for sensitive data. Activity monitoring is primarily used to monitor users and user activities.

The following examples illustrate how to create some common custom policies.

Example 1: To monitor all downloads of a public link containing sensitive data

To receive an alert whenever a file containing sensitive data is downloaded from a public link, use the Exposure setting along with the Data Pattern setting. For example, to monitor a Salesforce link containing a social security number:

  1. Go to the Content tab.
  2. Select Specific Data Patterns, on the right.
  3. Click the box labeled Data Pattern, then select DLP SSN.
  4. Click the box labeled Exposure, then select SALESFORCE_LINK.
  5. Go to the Activity tab.
  6. Select Specific Events, on the right.
  7. Click the box labeled Event, then select Download File.
  8. Configure any other settings as needed.

Example 2: To monitor all activities of a group of users

To receive an alert whenever a specific user or group of users performs any action, use the User setting. For example, to monitor a group of users:

  1. Go to the Activity tab.
  2. Select Specific Users, on the right.
  3. Click the box labeled User, then select users to monitor. Alternatively, check the Exclude box on the right to monitor all users besides the ones selected.
  4. Configure any other settings as needed.

Previous
Next