Fortinet black logo

Online Help

Home FortiCASB 21.1.0 Online Help

File Path Regex Configuration

21.1.0
24.1.b
24.1.a
23.4.a
23.3.a
23.2.b
23.2.a
23.1.0
22.4.0
21.4.0
21.2.0
21.1.0
20.4.1
20.4.0
20.3.0
20.2.0
20.1.0
4.2.0
4.1.0
2.1.0
Copy Link
Copy Doc ID 6214e17c-9e13-11eb-b70b-00505692583a:823099

File Path Regex Configuration

Description

File Path Regex configures the location of the files of interest in the cloud storage account by using Regex.

Regex is regular expression that is used to extract information from documents by searching and matching using specific search patterns. Here are a couple examples of Regex:

  1. ".*" targets all files in the cloud account.
  2. "^(?:[\w]\:|\\)(\\[a-z_\-\s0-9\.]+)+\.(txt|gif|pdf|doc|docx|xls|xlsx)$" targets files begin with x:\ or \\ with files ending in the following types of extensions: txt, gif, pdf, doc, docx, xls, xlsx. Here are the file paths that will this file path Regex matches:
    1. \\192.168.0.1\folder\file.pdf
    2. c:\my folder\abc abc.docx

Reference:

https://www.codeproject.com/Tips/216238/Regular-Expression-to-Validate-File-Path-and-Exten

Example

PCI - Track all cardholder data access

Description

PCI - Track all cardholder data access policy tracks all users access to cloud account data. It collects all activity logs and send alert regarding those activities. Compliance report also shows logs of all alerts triggered by this policy.

Policy Configuration

Follow the steps below to enable and configure the policy

  1. Click on any Cloud Account drop down menu from FortiCASB dashboard, e.g. Salesforce, Office365, etc.
  2. Click on Policy drop down menu and select Compliance, then select PCI-DSS tab.
  3. Locate PCI - Track all cardholder data access and click on the right arrow key > button to expand the policy.
  4. Click on General tab, click Status toggle switch button to enable the policy.

  5. Click on Severity level drop down menu to select the severity level (Critical, Alert, Warning, Information).

    6. Note: this policy generates both alert in Alert page and data in Compliance Report.

  6. Click Context tab to configure settings.

  7. In File Path Regex, enter a valid Regex of the target file path to be monitored. Here are examples of file path Regex:
  8. In Data Patterns, click on the field and select the data patterns (financial, personal identity information, etc.) to be monitored.
  9. Click Save to upgrade the configuration.

After the policy is enabled and configured, whenever anyone accessed the targeted files with the specific data patterns, an alert will be triggered in the alert page. For more details, please refer to Alert.

Compliance report will also record any alerts generated by this policy, for more details, please see Compliance Report.

Previous
Next

File Path Regex Configuration

Description

File Path Regex configures the location of the files of interest in the cloud storage account by using Regex.

Regex is regular expression that is used to extract information from documents by searching and matching using specific search patterns. Here are a couple examples of Regex:

  1. ".*" targets all files in the cloud account.
  2. "^(?:[\w]\:|\\)(\\[a-z_\-\s0-9\.]+)+\.(txt|gif|pdf|doc|docx|xls|xlsx)$" targets files begin with x:\ or \\ with files ending in the following types of extensions: txt, gif, pdf, doc, docx, xls, xlsx. Here are the file paths that will this file path Regex matches:
    1. \\192.168.0.1\folder\file.pdf
    2. c:\my folder\abc abc.docx

Reference:

https://www.codeproject.com/Tips/216238/Regular-Expression-to-Validate-File-Path-and-Exten

Example

PCI - Track all cardholder data access

Description

PCI - Track all cardholder data access policy tracks all users access to cloud account data. It collects all activity logs and send alert regarding those activities. Compliance report also shows logs of all alerts triggered by this policy.

Policy Configuration

Follow the steps below to enable and configure the policy

  1. Click on any Cloud Account drop down menu from FortiCASB dashboard, e.g. Salesforce, Office365, etc.
  2. Click on Policy drop down menu and select Compliance, then select PCI-DSS tab.
  3. Locate PCI - Track all cardholder data access and click on the right arrow key > button to expand the policy.
  4. Click on General tab, click Status toggle switch button to enable the policy.

  5. Click on Severity level drop down menu to select the severity level (Critical, Alert, Warning, Information).

    6. Note: this policy generates both alert in Alert page and data in Compliance Report.

  6. Click Context tab to configure settings.

  7. In File Path Regex, enter a valid Regex of the target file path to be monitored. Here are examples of file path Regex:
  8. In Data Patterns, click on the field and select the data patterns (financial, personal identity information, etc.) to be monitored.
  9. Click Save to upgrade the configuration.

After the policy is enabled and configured, whenever anyone accessed the targeted files with the specific data patterns, an alert will be triggered in the alert page. For more details, please refer to Alert.

Compliance report will also record any alerts generated by this policy, for more details, please see Compliance Report.

Previous
Next