FortiDLP Administration Guide

Using predefined policy groups

Predefined policy groups can accelerate your policy implementation. These groups allow you to set common parameters for multiple policies at once instead of setting parameters for each policy individually. Some groups also prepopulate content inspection patterns and keywords, saving you even more time.

When using a predefined policy group, our wizard guides you through the steps to bulk create policies. Once the policies are created, you can manage them as you would policies within a custom policy group. For example, after you complete the wizard, you can tailor any policy in the group individually to meet any further requirements.

FortiDLP offers an array of predefined policy groups to help your organization comply with information security, financial, and medical regulations, and protect personally identifiable information. To learn about the groups that are available, see Predefined policy groups.

Understanding labels

When using predefined policy groups, it is important to consider labels. Labels allow you to associate policy groups with groups of entities.

When you walk through the wizard, you can select one or more labels for the predefined policy group. Additionally, you can choose whether a policy group applies to entities that are assigned any or all of the selected labels.

Note

In the event that multiple policy groups are created that contain the same policies and are enabled for the same node, all policies will be passed to the FortiDLP Agent, regardless of how they are configured. This would result in duplicate detections and incidents being generated for the node if the policies are breached. Please be mindful of this when assigning labels and structuring your policy groups.

How to use predefined policy groups
Note

If you do not set a common parameter in the wizard (see steps 3e–3g), it will need to be set on a per-policy basis after the group is created. For detailed policy configuration instructions, see Configuring policy templates.

  1. In the FortiDLP Console, on the left-hand sidebar, click .
  2. Click Create new policy group.
  3. In the dialog box, do the following:
    a. Click Predefined policy group.
    b. Click the policy group you want to use.
    c. Review the policy group description and then click Next.
    d. Select the checkboxes for the channels you want to monitor and then click Next.
    e. Set common policy parameters and then click Next. Common parameters will be shown across a series of screens, which will vary by the chosen group/channel(s).

      Tooltip

      In the wizard, you can hover over any parameter or icon to view the parameter's description. You can also hover over any icon to view the templates containing the parameter.

    f. Set common detection parameters:
      1. In the Score field, type a number between 1 and 100 to define the risk score:
        • A detection that has a risk score of 0 is classified as no severity.
        • A detection that has a risk score between 1 and 39 is classified as low severity.
        • A detection that has a risk score between 40 and 69 is classified as medium severity.
        • A detection that has a risk score between 70 and 89 is classified as high severity.
        • A detection that has a risk score between 90 and 100 is classified as critical severity.

          Note

          If you do not provide a score, the default scores for the corresponding policy templates will be applied.

      2. In the Tags field, type one or more keywords or terms to apply to detections, separated by a space.

        Note

        Any tags you provide will be used along with the default tags for the corresponding policy templates.

      3. Click Next.
    g. Set common action parameters and then click Next.
    h. Set labels to associate the policy group with relevant entities:
      • To apply the policy group to all entities:
        1. In the Include section, leave the All entities radio button selected.
        2. In the Exclude section, leave the No entities radio button selected.
        3. Click Save.
      • To apply the policy group to a subset of entities by only selecting labels to include:
        1. In the Include section, select the Specific entities radio button.
        2. In the label list, select one or more labels for the entities you want to apply the group to.
        3. Do one of the following:
          • To include entities that have all of the previously selected labels, select the Require all radio button.
          • To include entities that have any of the previously selected labels, select the Require any radio button.
        4. Click Save.

        Example

        For example, to apply a policy group to all entities with a "Sales" label or a "Finance" label:

        In the Include section:

        1. Select the Specific entities radio button.
        2. In the labels list, select the Sales and Finance labels.
        3. Select the Require any radio button.
      • To apply the policy group to a subset of entities by selecting labels to include and exclude:
        1. In the Include section, follow the steps detailed above.
        2. In the Exclude section:
          1. Select the Specific entities radio button.
          2. In the label list, select one or more labels for the entities you want to exclude from the group.
          3. Do one of the following:
            • To exclude entities that have all of the previously selected labels, select the Require all radio button.
            • To exclude entities that have any of the previously selected labels, select the Require any radio button.
        3. Click Save.

        Example

        For example, to apply a policy group to all entities except those with a "Sales" label or a "Finance" label:

        • In the Include section, select the All entities radio button.
        • In the Exclude section:
          1. Select the Specific entities radio button.
          2. In the labels list, select the Sales and Finance labels.
          3. Select the Require any radio button.

        Or, to apply a policy group to entities with a "Manager" label and a "Product" label, but not a "Windows" label:

        • In the Include section:
          1. Select the Specific entities radio button.
          2. In the labels list, select the Manager and Product labels.
          3. Select the Require all radio button.
        • In the Exclude section:
          1. Select the Specific entities radio button.
          2. In the labels list, select the Windows label.
          3. Select either the Require all or Require any radio button.
    i. Do one of the following:
      • To create and review the policy group before publishing it, click Create & review. For instructions to publish the policy group later, see Publishing policy groups.
      • To create and publish the policy group immediately, click Create & publish. Policies will be applied to nodes within 15 minutes.
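
The label scoping rules and the duplicate-detection note above can be checked against a planned layout before publishing. The following Python example is added here and is not part of FortiDLP or its API: it models Include/Exclude with Require any/Require all as the steps describe them and reports nodes that would receive the same policy from more than one policy group. All group, policy, and node names are constructed.

```python
# Offline model of the wizard's label scoping (an assumption based on the steps
# above, not FortiDLP code). "include": None means "All entities";
# "exclude": None means "No entities".

def matches(labels, selected, mode):
    """True if an entity's labels satisfy a Require any / Require all selection."""
    hit = selected & labels
    return hit == selected if mode == "all" else bool(hit)

def in_scope(entity_labels, group):
    """Apply the Include section, then the Exclude section."""
    inc, exc = group["include"], group["exclude"]
    included = inc is None or matches(entity_labels, *inc)
    excluded = exc is not None and matches(entity_labels, *exc)
    return included and not excluded

def duplicate_policies(groups, entities):
    """Map (entity, policy) -> group names when a policy arrives from 2+ groups."""
    seen = {}
    for entity, labels in entities.items():
        for group in groups:
            if in_scope(labels, group):
                for policy in group["policies"]:
                    seen.setdefault((entity, policy), []).append(group["name"])
    return {key: names for key, names in seen.items() if len(names) > 1}

# Constructed sample data mirroring the two examples in step h.
GROUPS = [
    {"name": "sales-finance", "include": ({"Sales", "Finance"}, "any"),
     "exclude": None, "policies": {"card-number-upload", "iban-in-email"}},
    {"name": "managers", "include": ({"Manager", "Product"}, "all"),
     "exclude": ({"Windows"}, "any"), "policies": {"card-number-upload"}},
]
ENTITIES = {
    "node-a": {"Sales", "Manager", "Product"},    # in scope of both groups
    "node-b": {"Manager", "Product", "Windows"},  # excluded by the Windows label
    "node-c": {"Finance"},                        # sales-finance only
}

if __name__ == "__main__":
    for (entity, policy), names in duplicate_policies(GROUPS, ENTITIES).items():
        print(f"{entity}: policy '{policy}' delivered by {', '.join(names)}")
```

Any entry in the result is a node that would generate duplicate detections and incidents for that policy; adjust labels or the Exclude section of one group until the result is empty.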
