Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Administration Guide

    Home FortiDLP FortiDLP Administration Guide

    Assets

    Assets

    Assets are predefined policy template parameter values that can be reused across policies, allowing you to work more efficiently.

    Assets fall under four categories:

    • Out of box: FortiDLP provides a series of out-of-box (OOB) assets you can choose from that do not require configuration. This includes common webmail domains, dangerous file extensions, and content inspection patterns.
    • Out of box (editable): FortiDLP provides editable OOB assets which have been partially configured, but require customization by your organization.
    • Custom: For complete flexibility, you can create custom assets from scratch, tailoring them to your specific needs.
    • Sensitivity labels: If you enable a Microsoft sensitivity labels integration, you can create assets for your organization's file and email sensitivity labels.

    The following asset types are supported.

    Asset types
    Type Description
    Application binary name list Used to create lists of binary names.
    Application called path pattern list Used to create lists of regular expressions to match binary called paths.
    Application identifier list Used to create lists of process metadata application identifiers.
    Application list Used to define application properties to match processes.
    Application window title pattern list Used to create lists of regular expressions to match application window titles.
    Content inspection keyword list Used to create lists of content inspection keywords and key phrases, such as HIPAA diseases and treatments. For more on content inspection keywords, refer to the FortiDLP Policies Reference Guide.
    Content inspection pattern Used to create content inspection patterns, such as credit and debit card numbers and social security numbers. For more on content inspection patterns, refer to the FortiDLP Policies Reference Guide.
    Domain name list Used to create lists of DNS names, IPv4 addresses, and/or IPv6 addresses.
    File attribute value list Used to create lists of file attribute values for third-party plugins.
    File extension list Used to create lists of file extensions.
    File path keyword list Used to create lists of keywords appearing anywhere in a file path.
    Filename pattern list Used to create lists of regular expressions to match filenames.
    Generic string list Used to create lists that are not met by other string list asset types.
    Glob-style file/folder path list Used to create lists of file path expressions/glob-style shell filename patterns.
    IP address list Used to create lists of IPv4 or IPv6 addresses in CIDR format for denylists, internal subnets, and so on.
    Microsoft sensitivity label Microsoft sensitivity labels integration required. Used to identify sensitivity labels that have been applied to files and emails and synced to the FortiDLP Infrastructure.
    Port numbers or range list Used to create lists of port numbers or port ranges.
    PowerShell cmdlet pattern list Used to create lists of regular expressions to match unauthorized PowerShell cmdlets.
    Registry key list Used to create lists of glob-style shell filename patterns to match Windows registry keys.
    SaaS app specifier Used to define app conditions to match SaaS apps, and/or choose apps directly from the SaaS app inventory.
    String mapping Used to create sets of key-value string pairs defining mappings; e.g. domain names (keys) could be mapped to website categories (values) for phishing, gambling, and gaming.
    URL pattern list Used to create lists of regular expressions to match URLs.
    USB VID/PID identifier list Used to create lists of USB device Vendor ID (VID) and Product ID (PID) combinations.
    USB serial number list Used to create lists of USB device serial numbers.
    User identifier pattern list Used to create lists of regular expressions to match user identifiers (SID on Windows, and UID on Linux and macOS).
    Username list Used to create lists of usernames.
    Username pattern list Used to create lists of regular expressions to match usernames.
    Wi-Fi BSSID list Used to create lists of Wi-Fi BSSIDs/wireless access point MAC addresses.
    Wi-Fi SSID list Used to create lists of Wi-Fi SSIDs/wireless network names.
    Previous
    Next

    Assets

    Assets

    Assets are predefined policy template parameter values that can be reused across policies, allowing you to work more efficiently.

    Assets fall under four categories:

    • Out of box: FortiDLP provides a series of out-of-box (OOB) assets you can choose from that do not require configuration. This includes common webmail domains, dangerous file extensions, and content inspection patterns.
    • Out of box (editable): FortiDLP provides editable OOB assets which have been partially configured, but require customization by your organization.
    • Custom: For complete flexibility, you can create custom assets from scratch, tailoring them to your specific needs.
    • Sensitivity labels: If you enable a Microsoft sensitivity labels integration, you can create assets for your organization's file and email sensitivity labels.

    The following asset types are supported.

    Asset types
    Type Description
    Application binary name list Used to create lists of binary names.
    Application called path pattern list Used to create lists of regular expressions to match binary called paths.
    Application identifier list Used to create lists of process metadata application identifiers.
    Application list Used to define application properties to match processes.
    Application window title pattern list Used to create lists of regular expressions to match application window titles.
    Content inspection keyword list Used to create lists of content inspection keywords and key phrases, such as HIPAA diseases and treatments. For more on content inspection keywords, refer to the FortiDLP Policies Reference Guide.
    Content inspection pattern Used to create content inspection patterns, such as credit and debit card numbers and social security numbers. For more on content inspection patterns, refer to the FortiDLP Policies Reference Guide.
    Domain name list Used to create lists of DNS names, IPv4 addresses, and/or IPv6 addresses.
    File attribute value list Used to create lists of file attribute values for third-party plugins.
    File extension list Used to create lists of file extensions.
    File path keyword list Used to create lists of keywords appearing anywhere in a file path.
    Filename pattern list Used to create lists of regular expressions to match filenames.
    Generic string list Used to create lists that are not met by other string list asset types.
    Glob-style file/folder path list Used to create lists of file path expressions/glob-style shell filename patterns.
    IP address list Used to create lists of IPv4 or IPv6 addresses in CIDR format for denylists, internal subnets, and so on.
    Microsoft sensitivity label Microsoft sensitivity labels integration required. Used to identify sensitivity labels that have been applied to files and emails and synced to the FortiDLP Infrastructure.
    Port numbers or range list Used to create lists of port numbers or port ranges.
    PowerShell cmdlet pattern list Used to create lists of regular expressions to match unauthorized PowerShell cmdlets.
    Registry key list Used to create lists of glob-style shell filename patterns to match Windows registry keys.
    SaaS app specifier Used to define app conditions to match SaaS apps, and/or choose apps directly from the SaaS app inventory.
    String mapping Used to create sets of key-value string pairs defining mappings; e.g. domain names (keys) could be mapped to website categories (values) for phishing, gambling, and gaming.
    URL pattern list Used to create lists of regular expressions to match URLs.
    USB VID/PID identifier list Used to create lists of USB device Vendor ID (VID) and Product ID (PID) combinations.
    USB serial number list Used to create lists of USB device serial numbers.
    User identifier pattern list Used to create lists of regular expressions to match user identifiers (SID on Windows, and UID on Linux and macOS).
    Username list Used to create lists of usernames.
    Username pattern list Used to create lists of regular expressions to match usernames.
    Wi-Fi BSSID list Used to create lists of Wi-Fi BSSIDs/wireless access point MAC addresses.
    Wi-Fi SSID list Used to create lists of Wi-Fi SSIDs/wireless network names.
    Previous
    Next