Creating custom assets
For complete flexibility, you can create custom assets that are tailored to your organization's needs. Custom assets can be created from scratch or based on an existing asset by duplicating it. For more on duplicating assets, see Duplicating assets.
Some assets must be provided in JSON format, either by uploading a JSON file or copying and pasting JSON text into the FortiDLP Console. However, to simplify creation of list assets, such as IP address lists, these values can alternatively be entered as plain text.
Refer to the following example assets when creating your own.
Application binary name list
Application binary names (list format)
chrome.exe Finder
Application called path pattern list
Application called path patterns (list format)
.*chrome\\.exe .*compattelrunner\\.exe -maintenance
Application identifier list
Application identifiers (list format)
v1.com.google.Chrome v1.349c76189d1923511855d5ecd55e7f3100b6251952420cb0940ba64ac1ea0b1a
Application list
Authorized application parameters (JSON format)
[ { "binary_name": "demo.exe", "binary_path": "C:\\Windows\\demo.exe" } ]
Application window title pattern list
Application window title patterns (list format)
phish(ed|ing)
Content inspection keyword list
HIPAA diseases (list format)
a2 anemia aarskog's aarskog's syndrome aat deficiency ab igne abacterial
Content inspection pattern
US Social Security Numbers (JSON format)
{ "name": "US Social Security Numbers (SSN)", "pattern": "\\b((?:[0-9]{9})|(?:[0-9]{3}-[0-9]{2}-[0-9]{4})|(?:[0-9]{3} [0-9]{2} [0-9]{4}))\\b", "filter": "ssn" }
Domain name list
Domain names (list format)
mail.google.com 1.1.1.1 2001:0db8:85a3:0000:0000:8a2e:0370:7334
File extension list
File extensions (list format)
docx .docx
File path keyword list
File path keywords (list format)
confidential secrets
Glob-style file/folder path list
Glob-style file/folder path list (list format)
C:\\Users\\**\\Shared\\** **\\*.pdf *\\Program Files\\Mozilla Firefox\\updater.exe /Users/*/Applications/**
IP address list
Denylist (list format)
192.0.2.1/16 2001:db8::68/128
Port numbers or ranges list
Port numbers or ranges (list format)
22 22-24
Registry key list
Registry keys (list format)
HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\Certificates\\* HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx\\*\\* HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*
String mapping
Prohibited websites (JSON format)
{ "gambling.com": "Gambling", "facebook.com": "Social Media" }
URL pattern list
URL patterns (list format)
http:\/\/ example\.com\/download
USB serial number list
USB serial numbers (list format)
1000000 12345678
USB VID/PID identifier list
USB VID/PID identifiers (list format)
0BDA:8152 ABCD:* *:CDEF
User identifier pattern list
User identifier patterns (list format)
S-1-0-.* s-1-5-20 0
Username list
Usernames (list format)
NT AUTHORITY\SYSTEM root
Username pattern list
Username patterns (list format)
admin.* svc.* NT AUTHORITY\.*
Wi-Fi BSSID list
Wi-Fi BSSIDs (list format)
18:35:D1:33:EA:BF d8:c7:c8:44:32:40
Wi-Fi SSID list
Wi-Fi SSIDs (list format)
_Heathrow Wi-Fi BTWifi-X
How to create a custom asset (for all asset types except SaaS app specifiers)
- In the FortiDLP Console, on the left-hand sidebar, click .
- Select the Policy assets tab.
- Click Create new.
- In the dialog box, do the following:
  - In the Policy asset name field, type a policy asset name and then click Done.
  - Optionally, click the Policy asset description field, type a policy asset description, and then click Done.
  - In the menu, select the relevant asset type. For asset type descriptions, see Assets.
  - Optionally, click the Asset tags field, type one or more keywords or terms describing the asset, separated by a space, and then click Done.
  - Do one of the following:
    - To manually create an asset, either type or copy/paste the values into the entry box. Non-list assets must be provided in JSON format, and list assets can be provided using plain text or JSON text as follows:
      - To provide plain text, select the List radio button and then enter one value per line. Ensure you delete any empty lines or you will be unable to create the asset.
      - To provide JSON, select the JSON radio button and then enter the values. Ensure you delete any empty entries or you will be unable to create the asset.
        The FortiDLP Console indicates if the JSON text is invalid.
    - To upload a JSON file:
      - Click> Upload a JSON file.
      - Select the JSON file.
  - Click Create.
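A pre-flight check for the manual-entry steps above, written for this page as an added example (it is not FortiDLP code). It assumes Python's `re` module reads the pattern the same way the product does and that `name` and `pattern` are the required keys, as in the example asset on this page; the function names are hypothetical.

```python
import json
import re

# Content inspection pattern asset, copied from the example on this page.
SSN_ASSET = r'''{ "name": "US Social Security Numbers (SSN)", "pattern": "\\b((?:[0-9]{9})|(?:[0-9]{3}-[0-9]{2}-[0-9]{4})|(?:[0-9]{3} [0-9]{2} [0-9]{4}))\\b", "filter": "ssn" }'''

# Constructed sample strings (not real data).
MATCH = ["SSN 123-45-6789 on file", "123456789", "id 123 45 6789."]
NO_MATCH = ["1234567890", "123-45-67890", "123-456-789", "12-345-6789"]


def clean_list_asset(text):
    """List format: one value per line, with empty lines dropped."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def check_pattern_asset(json_text, should_match, should_not_match):
    """Return a list of problems found in a pattern asset (empty means OK)."""
    try:
        asset = json.loads(json_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(asset, dict):
        return ["top-level value must be a JSON object"]
    # Assumption: "name" and "pattern" are required; "filter" is optional.
    problems = [f"missing or empty {key!r}" for key in ("name", "pattern")
                if not isinstance(asset.get(key), str) or not asset[key]]
    if problems:
        return problems
    try:
        rx = re.compile(asset["pattern"])
    except re.error as exc:
        return [f"pattern does not compile: {exc}"]
    problems += [f"no match: {s!r}" for s in should_match if not rx.search(s)]
    problems += [f"unexpected match: {s!r}" for s in should_not_match if rx.search(s)]
    return problems


if __name__ == "__main__":
    print(clean_list_asset("22\n\n22-24\n"))
    print(check_pattern_asset(SSN_ASSET, MATCH, NO_MATCH) or "pattern asset OK")
```

The regular expression on its own accepts any nine-digit run, such as an order number; what the `filter` field does with those matches is not described on this page.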
How to create a custom SaaS app specifier asset
It is recommended that you prepare your SaaS app inventory prior to creating SaaS app specifier assets. This will ensure that the needed apps are available for selection in the asset editor and that app conditions defined for assets align with those of apps in your inventory.
- In the FortiDLP Console, on the left-hand sidebar, click .
- Select the Policy assets tab.
- Click Create new.
- In the dialog box, do the following:
  - In the Policy asset name field, type a policy asset name and then click Done.
  - Optionally, click the Policy asset description field, type a policy asset description, and then click Done.
  - In the menu, select SaaS app specifier.
  - Optionally, click the Asset tags field, type one or more keywords or terms describing the asset, separated by a space, and then click Done.
  - Do at least one of the following:
    - To define criteria to match web apps, in the Match SaaS apps by condition section, select the relevant categories, verdicts, and/or a minimum and maximum risk score from their respective menus. If multiple conditions are specified, a SaaS app will match if it has at least one of the defined values for each configured parameter.
    - To choose web apps from the inventory:
      - In the Match SaaS apps from inventory section, click Add apps.
      - In the Add SaaS applications dialog box:
        - Select the checkbox(es) for the relevant app(s).
        - Click Add apps.
    For example, you might want to configure upload policy templates to only allow uploads to sanctioned apps. To do this, you could create an asset with a condition configuration that includes the Sanctioned verdict.
    Further, if your condition configuration includes the File sharing and storage and Google Apps categories and the Sanctioned verdict, apps in either category that are sanctioned will match.
    If you define app conditions and choose apps from the inventory, apps will match if they meet the criteria for either of these configurations (that is, OR logic applies).
  - Click Create.
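The matching rule described above, modelled as an added example that is not FortiDLP code: values within one parameter are alternatives, every configured parameter must be satisfied, and the inventory selection is combined with the conditions by OR. The field names, the app names, the `Unsanctioned` verdict, the `Social media` category and the inclusive risk-score bounds are assumptions made for illustration.

```python
def matches_conditions(app, cond):
    """AND across configured parameters, OR among the values of each one."""
    if not cond:
        return False  # no condition configured, so nothing matches by condition
    if "categories" in cond and not set(app["categories"]) & set(cond["categories"]):
        return False
    if "verdicts" in cond and app["verdict"] not in cond["verdicts"]:
        return False
    if "risk" in cond:
        low, high = cond["risk"]  # assumption: both bounds are inclusive
        if not low <= app["risk"] <= high:
            return False
    return True


def asset_matches(app, cond=None, inventory=()):
    """An app matches the asset by condition OR by inventory selection."""
    return matches_conditions(app, cond or {}) or app["name"] in inventory


# Constructed inventory entries (hypothetical apps and scores).
APPS = [
    {"name": "ExampleDrive", "categories": ["File sharing and storage"],
     "verdict": "Sanctioned", "risk": 20},
    {"name": "ExampleDocs", "categories": ["Google Apps"],
     "verdict": "Sanctioned", "risk": 15},
    {"name": "ExampleShare", "categories": ["File sharing and storage"],
     "verdict": "Unsanctioned", "risk": 70},
    {"name": "ExampleChat", "categories": ["Social media"],
     "verdict": "Sanctioned", "risk": 30},
]

# The configuration from the text: two categories plus the Sanctioned verdict.
COND = {"categories": ["File sharing and storage", "Google Apps"],
        "verdicts": ["Sanctioned"]}


def matched_names(cond=None, inventory=()):
    return [a["name"] for a in APPS if asset_matches(a, cond, inventory)]


if __name__ == "__main__":
    print(matched_names(COND))                    # by condition only
    print(matched_names(COND, ["ExampleShare"]))  # condition OR inventory pick
```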