Fortinet white logo
Fortinet white logo

FortiDLP Administration Guide

Creating custom policy groups

Creating custom policy groups

Policy groups classify a collection of policies. FortiDLP allows you to create custom policy groups and tailor the policies within them, individually, to meet your organization's needs.

Example

For example, you could create department-specific policy groups, where you configure policies for various activities—such as those related to USB device usage and files. In this scenario, you might enforce stricter policies for users in your sales department because they can access confidential client information.

You could also create activity-specific policy groups that apply across all departments where you specify general corporate security policies.

Tooltip

You can alternatively use predefined policy groups to bulk create policies. For details, see Using predefined policy groups.

Understanding labels

When creating custom policy groups, it is important to consider labels. Labels allow you to associate policy groups with groups of entities.

When you later configure policy templates (see Configuring policy templates), you can select one or more labels for the policy group to define the entities to include and/or exclude. Additionally, you can choose whether a policy group applies to entities that are assigned any or all of the selected labels.

Note

In the event that multiple policy groups are created that contain the same policies and are enabled for the same node, all policies will be passed to the FortiDLP Agent, regardless of how they are configured. This would result in duplicate detections and incidents being generated for the node if the policies are breached. Please be mindful of this when assigning labels and structuring your policy groups.

How to create a custom policy group
  1. In the FortiDLP Console, on the left-hand sidebar, click .
  2. Click Create new group.
  3. In the dialog box, do the following:
    1. Click Custom policy group.
    2. In the Name field, type a policy group name.
    3. Optionally, in the Description field, type a policy group description.
    4. Click Create.

Creating custom policy groups

Creating custom policy groups

Policy groups classify a collection of policies. FortiDLP allows you to create custom policy groups and tailor the policies within them, individually, to meet your organization's needs.

Example

For example, you could create department-specific policy groups, where you configure policies for various activities—such as those related to USB device usage and files. In this scenario, you might enforce stricter policies for users in your sales department because they can access confidential client information.

You could also create activity-specific policy groups that apply across all departments where you specify general corporate security policies.

Tooltip

You can alternatively use predefined policy groups to bulk create policies. For details, see Using predefined policy groups.

Understanding labels

When creating custom policy groups, it is important to consider labels. Labels allow you to associate policy groups with groups of entities.

When you later configure policy templates (see Configuring policy templates), you can select one or more labels for the policy group to define the entities to include and/or exclude. Additionally, you can choose whether a policy group applies to entities that are assigned any or all of the selected labels.

Note

In the event that multiple policy groups are created that contain the same policies and are enabled for the same node, all policies will be passed to the FortiDLP Agent, regardless of how they are configured. This would result in duplicate detections and incidents being generated for the node if the policies are breached. Please be mindful of this when assigning labels and structuring your policy groups.

How to create a custom policy group
  1. In the FortiDLP Console, on the left-hand sidebar, click .
  2. Click Create new group.
  3. In the dialog box, do the following:
    1. Click Custom policy group.
    2. In the Name field, type a policy group name.
    3. Optionally, in the Description field, type a policy group description.
    4. Click Create.