Fortinet black logo

Online Help

Home FortiCASB 24.1.a Online Help
24.1.a
24.1.b
24.1.a
23.4.a
23.3.a
23.2.b
23.2.a
23.1.0
22.4.0
21.4.0
21.2.0
21.1.0
20.4.1
20.4.0
20.3.0
20.2.0
20.1.0
4.2.0
4.1.0
2.1.0

Data Security Policy Match Criteria

Data Security Policy Match Criteria

There are seven match criteria that data security policies offers that can be customized when Customized Data Security policy is created.

1. Files Created After

2. File Types

3. Access Permissions

4. File Activity Triggers

5. SaaS Applications

6. DLP Patterns

1. Files Created After

Time frame of the files being targeted, only the files on the SaaS application created after the designated day are targeted for data scan.

2. File Types

The file types being targeted for DLP scan, supported file types are doc, ppt, pptx, xls, xlsx, txt, rtf, js, pdf, zip, tar, 7z, gz, exe.

3. Access Permissions

The access permission option can be customized to target specific share permissions of the files.

The supported file sharing types are Private Access, Public Editable, Group Editable, Group Readable, and Public Readable.

4. File Activity Triggers

The File Activity Triggers target specific file activities conducted on the file. Supported file activities are Create File, Modify File, Access File, and Share File.

5. Files Shared With Users/Domains NOT In Trust List (Google Workspace files only)

The users and domains selected from the User Trust List and Domain Trust List will be monitored for files shared between the trusted users and external users. An alert will be triggered when a file is shared by a trusted user/domain with an external user.

For example, when a trusted user named John Meyer shared a file with Mike Taylor who is not part of the Trust List. An alert will be triggered.

User Trust List and Domain Trust List can be configured in Overview > Trusted List.

5. SaaS Applications

In SaaS Applications option, only onboarded SaaS applications will appear in this section. Selected only the SaaS applications that will be targeted for DLP data scan.

Note: SAP IAS is not supported in Data Security policy.

6. DLP Patterns

DLP Patterns selection determines which data patterns will be used in the Data Security Policy. Both Predefined Data Patterns and Customized Data Patterns can be selected as the match criterias.

For more details on supported DLP patterns, please see Predefined Data Pattern and Customized Data Pattern.

Previous
Next

Data Security Policy Match Criteria

There are seven match criteria that data security policies offers that can be customized when Customized Data Security policy is created.

1. Files Created After

2. File Types

3. Access Permissions

4. File Activity Triggers

5. SaaS Applications

6. DLP Patterns

1. Files Created After

Time frame of the files being targeted, only the files on the SaaS application created after the designated day are targeted for data scan.

2. File Types

The file types being targeted for DLP scan, supported file types are doc, ppt, pptx, xls, xlsx, txt, rtf, js, pdf, zip, tar, 7z, gz, exe.

3. Access Permissions

The access permission option can be customized to target specific share permissions of the files.

The supported file sharing types are Private Access, Public Editable, Group Editable, Group Readable, and Public Readable.

4. File Activity Triggers

The File Activity Triggers target specific file activities conducted on the file. Supported file activities are Create File, Modify File, Access File, and Share File.

5. Files Shared With Users/Domains NOT In Trust List (Google Workspace files only)

The users and domains selected from the User Trust List and Domain Trust List will be monitored for files shared between the trusted users and external users. An alert will be triggered when a file is shared by a trusted user/domain with an external user.

For example, when a trusted user named John Meyer shared a file with Mike Taylor who is not part of the Trust List. An alert will be triggered.

User Trust List and Domain Trust List can be configured in Overview > Trusted List.

5. SaaS Applications

In SaaS Applications option, only onboarded SaaS applications will appear in this section. Selected only the SaaS applications that will be targeted for DLP data scan.

Note: SAP IAS is not supported in Data Security policy.

6. DLP Patterns

DLP Patterns selection determines which data patterns will be used in the Data Security Policy. Both Predefined Data Patterns and Customized Data Patterns can be selected as the match criterias.

For more details on supported DLP patterns, please see Predefined Data Pattern and Customized Data Pattern.

Previous
Next