Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Policies Reference Guide

    Home FortiDLP Policies 8.0.0 FortiDLP Policies Reference Guide
    8.0.0
    8.0.0
    7.1.2
    7.1.1
    7.1.0
    7.0.0

    Changes

    Changes

    The following table lists the recent changes to FortiDLP Policy Templates between software versions.

    Version Change

    8.0.0
    • Rebranded as FortiDLP.
    • Added Preview support for Linux content inspection. To enable this feature, contact Fortinet Support. Requires FortiDLP Agent 12.0.0+.
    • Updated the Connection made to unauthorized Wi-Fi network template to support WPA3.
    • Updated the Sensitive file uploaded template to support Snap installed Firefox on Linux.
    • Updated file templates to improve detection of read-only file access.

    7.1.2
    • Updated the Compressed file created template to support MIME type and Secure Data Flow (Preview) File origin parameters.
    • Updated Secure Data Flow (Preview) email attachment tracking to support the latest version of New Outlook.
    • Updated the Browser run in private browsing mode template to report when Firefox is used on Windows without web monitoring enabled.
    • Updated the Reveal Browser Extension tampered with template to support the latest Reveal Browser Extension on Windows.
    • Updated the New application installed template to improve application update detection.
    • Updated the Sensitive file uploaded to personal file share website and Sensitive file downloaded from personal file share website templates to support Microsoft SharePoint.
    • Updated the Daily application use violated and Application use violated templates to report process metadata.
    • Updated the Screenshot taken template to improve clipboard clearing behavior.
    • Updated the File uploaded to instant messaging application out-of-box template to support Telegram for macOS and to report activity by default, instead of only when content inspection is configured.
    7.1.1
    • Added the Sensitive file transferred via Bluetooth or AirDrop template.
    • Updated the Sensitive file written to USB storage device template to group detections by USB device and process when grouping is enabled. Requires Reveal Agent Version 11.4.1+.
    • Updated clipboard templates to prevent duplicate detections on Windows.
    • Updated the New application installed template to prevent detections from being generated upon automatic application updates.
    • Updated the Browser run in private browsing mode template to report when Microsoft Edge is used in private browsing mode when web monitoring is disabled and to prevent detections from being generated when a Chrome profile is selected on Windows.
    • Updated the Unauthorized browser used template to prevent duplicate detections from being generated for Snap-installed browsers.
    • Updated keyword asset matching behavior for content inspection templates to apply the Content inspection match type and Content inspection match frequency parameters at the asset level instead of at the individual keyword/keyphrase level.
      • Example

      For example, where a template is configured with multiple keyword list assets and a match type of Match all, now, only one keyword/keyphrase from each asset needs to be matched to generate a detection. Previously, every keyword/keyphrase in every asset needed to be matched for a detection to be generated.

      Further, where a template is configured with a match frequency of 3 and a keyword list asset of product names, now, a file containing three names—as unique values or the same value—will generate a detection. Previously, the same value needed to be matched three times for a detection to be generated.

      For more information, see Content inspection match type and Content inspection match frequency.
    • Updated content inspection templates to support filtering on files with a blob origin.
    • Updated the predefined policy group wizard to support MIME type and SaaS app parameter configuration.
    Previous
    Next

    Changes

    Changes

    The following table lists the recent changes to FortiDLP Policy Templates between software versions.

    Version Change

    8.0.0
    • Rebranded as FortiDLP.
    • Added Preview support for Linux content inspection. To enable this feature, contact Fortinet Support. Requires FortiDLP Agent 12.0.0+.
    • Updated the Connection made to unauthorized Wi-Fi network template to support WPA3.
    • Updated the Sensitive file uploaded template to support Snap installed Firefox on Linux.
    • Updated file templates to improve detection of read-only file access.

    7.1.2
    • Updated the Compressed file created template to support MIME type and Secure Data Flow (Preview) File origin parameters.
    • Updated Secure Data Flow (Preview) email attachment tracking to support the latest version of New Outlook.
    • Updated the Browser run in private browsing mode template to report when Firefox is used on Windows without web monitoring enabled.
    • Updated the Reveal Browser Extension tampered with template to support the latest Reveal Browser Extension on Windows.
    • Updated the New application installed template to improve application update detection.
    • Updated the Sensitive file uploaded to personal file share website and Sensitive file downloaded from personal file share website templates to support Microsoft SharePoint.
    • Updated the Daily application use violated and Application use violated templates to report process metadata.
    • Updated the Screenshot taken template to improve clipboard clearing behavior.
    • Updated the File uploaded to instant messaging application out-of-box template to support Telegram for macOS and to report activity by default, instead of only when content inspection is configured.
    7.1.1
    • Added the Sensitive file transferred via Bluetooth or AirDrop template.
    • Updated the Sensitive file written to USB storage device template to group detections by USB device and process when grouping is enabled. Requires Reveal Agent Version 11.4.1+.
    • Updated clipboard templates to prevent duplicate detections on Windows.
    • Updated the New application installed template to prevent detections from being generated upon automatic application updates.
    • Updated the Browser run in private browsing mode template to report when Microsoft Edge is used in private browsing mode when web monitoring is disabled and to prevent detections from being generated when a Chrome profile is selected on Windows.
    • Updated the Unauthorized browser used template to prevent duplicate detections from being generated for Snap-installed browsers.
    • Updated keyword asset matching behavior for content inspection templates to apply the Content inspection match type and Content inspection match frequency parameters at the asset level instead of at the individual keyword/keyphrase level.
      • Example

      For example, where a template is configured with multiple keyword list assets and a match type of Match all, now, only one keyword/keyphrase from each asset needs to be matched to generate a detection. Previously, every keyword/keyphrase in every asset needed to be matched for a detection to be generated.

      Further, where a template is configured with a match frequency of 3 and a keyword list asset of product names, now, a file containing three names—as unique values or the same value—will generate a detection. Previously, the same value needed to be matched three times for a detection to be generated.

      For more information, see Content inspection match type and Content inspection match frequency.
    • Updated content inspection templates to support filtering on files with a blob origin.
    • Updated the predefined policy group wizard to support MIME type and SaaS app parameter configuration.
    Previous
    Next