Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.1.b
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiEndpoint Administration Guide

    Configuring FortiData integration

    Configuring FortiData integration

    You can configure an integration between FortiClient, EMS, and FortiData. FortiData is a document classification and labeling service. It contains a database (DB) of your file hashes, along with file metadata, including a data category (optional) and a label. The file data labels work in the same way as Microsoft's Purview Information Protection labels, although the labels are not included in the file content but are associated with the file hash in the FortiData DB. A label taxonomy is defined to represent the various classification levels required for an organization. FortiClient can integrate with FortiData to retrieve file data labels and use them to control file access.

    The following describes how the integration functions once configured:

    1. The EMS administrator configures a FortiData Fortinet Security Fabric Connector to establish trust. EMS and FortiData communicate in the following ways:
      • EMS pulls a data label list from FortiData to use in Data Protection profiles.
      • EMS send its certificate to FortiData to verify tokens that managed endpoints send for lookup.
      • FortiData must provide a connector API key for Fabric connection with EMS.
      • Any other information exchanges between EMS and FortiData are done via this connector.
      • FortiData only accepts requests from endpoints that this EMS manages. FortiData verifies this using the EMS serial number.
      • EMS sends FortiData a zero trust network access (ZTNA) certificate that FortiData to verify FortiClient requests. FortiData must provide the API key to receive the ZTNA certificate.
    2. The EMS administrator defines a Data Protection profile to monitor access to a file based on its data label.
    3. The EMS administrator defines which file types to send to FortiData for classification lookup. FortiClient only sends the selected file types for lookup. FortiData supports file uploads for OCR, such as JPEG and GIF.
    4. When a user downloads or opens a file that matches the configuration, FortiClient performs a hash lookup and retrieves the data label from FortiData for that file.
    5. FortiClient sends its token with the request to authenticate with FortiData to authorize the endpoint.
    6. FortiClient enforces file access based on classification rules that EMS defined. All file monitor activity is logged.

    FortiClient and EMS support integration with FortiData 7.6.1 and later versions. This feature requires the Endpoint Protection Platform license.

    To configure FortiData for the integration:
    1. Install FortiData-VM 7.6.1.
    2. Configure FortiData discovery policies for file scanning on the endpoint:
      1. Go to Discovery > Policies.
      2. Create and configure a policy as desired.
    3. Configure scan policies to scan for those files. FortiData scans files and assigns labels to files that match the policy after the scan completes:
      1. Go to Discovery > Scans.
      2. Configure the scan policy as desired.

    4. For FortiData and EMS to establish Fabric connection, you must upload a publicly signed certificate to FortiData. Upload the certificate:
      1. Go to System > Certificates.
      2. Click Import Certificate > Add a new certificate.
      3. Upload the certificate and key files.
    5. Go to Fabric > HTTP2 Service > API Keys. Click New API Key. You will use this API key to establish Fabric connection between EMS and FortiData.
    6. Create a Fabric connector for EMS in FortiData:
      1. Go to Fabric > HTTP2 Service.
      2. Under Settings, configure a new device.
      3. From the Device Type dropdown list, select FortiClient EMS.
      4. In the IPv4 Address / Ranges field, enter 0.0.0.0/0.
      5. Click Enable API Key Authentication.
      6. From the Associated Scan Policies dropdown list, select the scan policy that you created.
      7. From the Associated Discovery Policies dropdown list, select the discovery policy that you created.
      8. Click Save.
    7. Create a Fabric connector for FortiClient in FortiData:
      1. Go to Fabric > HTTP2 Service.
      2. Under Settings, configure a new device.
      3. From the Device Type dropdown list, select FortiClient.
      4. Click Enable Client Certificate Validation Using EMS CA.
      5. Click Save.
    To configure the integration in EMS:
    1. Create a FortiData connector:
      1. In EMS, go to Fabric & Connectors . Fabric Devices.
      2. Click Add.
      3. From the Connector Type dropdown list, select FortiData.
      4. In the FortiData Hostname / IP address field, enter the FortiData IP address.
      5. In the FortiData Port field, enter 8443.
      6. In the FortiData REST API Key field, paste the key that you created in FortiData.
      7. Click Next and complete creating the FortiData connector. Once EMS establishes the connection with FortiData, it queries tags and file types from FortiData.
    2. Create a data protection profile:
      1. Go to Endpoint Profiles > Data Protection.
      2. Create a new profile.
      3. From the Server dropdown list, select the FortiData server.
      4. Under Enable On, enable Browser, Messaging Clients, or Clipboard to enable the data protection feature on.
      5. Under File Extensions, select the desired extensions.

    3. Configure the certificate that you created in FortiData in EMS:
      1. Go to Endpoint Policy & Components > CA Certificates.
      2. Click Upload.
      3. Click Upload File.
      4. Browse to and select the certificate that you created in FortiData. Click OK.
      5. Go to Endpoint Profiles > System Settings.
      6. Create a new profile or edit an existing one.
      7. Under Other, enable Install CA Certificate on Client.
      8. Ensure that the desired certificate is selected. FortiClient uses certificate chain validation to verify the FortiData server identity. If you generated your own self-signed certificate for FortiData, you only need to install a root certificate authority (CA) certificate on the endpoint. Using an SSL certificate from a trusted CA is recommended.
      9. Click Save.
    To install FortiClient with FortiData support:
    1. Run the FortiClient installer on the endpoint. In Additional Security Features, select Data Protection. Configure other installation options as desired.
    2. After FortiClient connects to EMS, in Registry Editor, confirm that Computer\HKEY_LOCAL\SOFTWARE\Fortinet\FortiClient\FA_FTDATA exists and includes the configurations from EMS.
    To verify the FortiData integration:
    1. Do one of the following from the endpoint, using a file that matches the conditions configured in FortiData:
      • Upload a file to a website.
      • Upload a file on a messaging client, such as Microsoft Teams.
      • Open a file and take a screenshot. This copies the file to the clipboard.

      FortiClient calculates the hash of the file, sends it to FortiData, and checks if the hash matches any labels. If there is a label match, FortiClient monitors access to the file and sends event details to EMS.

    2. In EMS, go to Endpoints > All Endpoints.
    3. Select the desired endpoint.
    4. Go to the Data Protection Events tab. This tab lists the following information about data protection events:

      • Date/time of event

      • User name

      • Hostname

      • Action type, i.e. monitor or block.

      • Mode: either simulation or protection mode.

      • File hash

      • Data Label

      • Filename/path

    5. After uploading the file check fcaptmontrace_1 logs in the trace folder, you can see the matched label and file name and uploaded platform. The following shows example logs for different scenarios:

      Scenario

      Log example

      Browser upload

      [2025-06-27 09:59:25.2311041 UTC-07:00] [4244:4656] [fcaptmontrace 431 info] sending ems alert,C:\Users\kk\Desktop\testpkg\testpkg\phi_internal\phi_1_patient_admission_notes--patient_name-dob-diagnosis.png,Monitor- Matched label(s): Internal;Machine_Learning;PHI;PII, Content: C:\Users\kk\Desktop\testpkg\testpkg\phi_internal\phi_1_patient_admission_notes--patient_name-dob-diagnosis.png, hash = 9fc7c807621dadcf29e459db8569884ddce8e718,,Monitor,9fc7c807621dadcf29e459db8569884ddce8e718,Internal;Machine_Learning;PHI;PII,chrome.exe

      Screenshotted (clipboard)

      [2025-06-26 17:40:04.2583481 UTC-07:00] [5780:10548] [fcaptmontrace 431 info] sending ems alert,screenshot.jpeg,Monitor-clipboard Matched label(s): Internal;Machine_Learning;PHI;PII;Public, Content: screenshot.jpeg, hash = fedbfa3746a420fbd86342077eb04dbd7d821947,clipboard,Monitor,fedbfa3746a420fbd86342077eb04dbd7d821947,Internal;Machine_Learning;PHI;PII;Public,clipboard

      Sent via Microsoft Teams

      [2025-06-26 17:46:15.0600390 UTC-07:00] [5780:12240] [fcaptmontrace 431 info] sending ems alert,C:\Users\kk\Desktop\testpkg\testpkg\pii_public\pii--50_names.txt,Monitor- Matched label(s): Machine_Learning;PII;Public, Content: C:\Users\kk\Desktop\testpkg\testpkg\pii_public\pii--50_names.txt, hash = 42f2c523834b26ae6934d73de2238a656eafba22,,Monitor,42f2c523834b26ae6934d73de2238a656eafba22,Machine_Learning;PII;Public,msedgewebview2.exe

      Sent via Telegram

      [2025-06-27 09:40:28.7196748 UTC-07:00] [4244:5768] [fcaptmontrace 431 info] sending ems alert,C:\Users\kk\Desktop\testpkg\testpkg\pii_public\pii--50_names-50_ssns-50_us_drivers_licenses.xlsx,Monitor- Matched label(s): Machine_Learning;PII;Public, Content: C:\Users\kk\Desktop\testpkg\testpkg\pii_public\pii--50_names-50_ssns-50_us_drivers_licenses.xlsx, hash = 3a0b43d3e2e5998e40c45adbaae260bf7900d9be,,Monitor,3a0b43d3e2e5998e40c45adbaae260bf7900d9be,Machine_Learning;PII;Public,Telegram.exe

    6. To check the logs in FortiData, run the following commands: 
      diagnose logs http2 50
diagnose logs analyzer 50

      The following shows example output from these commands:

      [DEBUG]  2025/06/26 03:10:28.160563 tag_info_service.go:58  Updated tag cache: map[APPI:Compliance APPs:Compliance ASIA:Data Residency AUSTRALIA:Data Residency BRAZIL:Data Residency CCPA:Compliance CSL:Compliance Clinical Records:Data Classification Clinical Studies:Data Classification Compliance and Risk Management:Data Classification Confidential:Sensitivity Configuration Files:Data Classification Contracts and Agreements:Data Classification Credentials and Keys:Data Classification Credit and Risk Management:Data Classification DPA:Compliance Development Documentation:Data Classification EU:Data Residency Education:Data Classification FERPA:Compliance FISMA:Compliance Finance:Data Classification Financial Report:Data Classification Financial Strategy and Research:Data Classification GDPR:Compliance GLBA:Compliance HIPAA:Compliance HR Documentation:Data Classification Healthcare:Data Classification Highly Confidential:Sensitivity Information Technology:Data Classification Insurance and Settlement:Data Classification Internal:Sensitivity JAPAN:Data Residency LGPD:Compliance Legal:Data Classification License Agreement:Data Classification Manufacture:Data Classification Medication Management:Data Classification NDA Form:Data Classification NIST 800-53 and NIST 800-171:Compliance Operational Documentation:Data Classification PCI_DSS:Compliance PHI:Data Classification PII:Data Classification PIPEDA:Compliance Patent:Data Classification Payment Card Data:Data Classification Performance Review:Data Classification Public:Sensitivity Restricted:Sensitivity SOX:Compliance Source Code:Data Classification Test Documentation:Data Classification Timesheet:Data Classification Training Materials:Data Classification Transaction Record:Data Classification UK:Data Residency US:Data Residency User Documentation:Data Classification]
[DEBUG]  2025/06/26 03:15:28.160441 tag_info_service.go:58  Updated tag cache: map[APPI:Compliance APPs:Compliance ASIA:Data Residency AUSTRALIA:Data Residency BRAZIL:Data Residency CCPA:Compliance CSL:Compliance Clinical Records:Data Classification Clinical Studies:Data Classification Compliance and Risk Management:Data Classification Confidential:Sensitivity Configuration Files:Data Classification Contracts and Agreements:Data Classification Credentials and Keys:Data Classification Credit and Risk Management:Data Classification DPA:Compliance Development Documentation:Data Classification EU:Data Residency Education:Data Classification FERPA:Compliance FISMA:Compliance Finance:Data Classification Financial Report:Data Classification Financial Strategy and Research:Data Classification GDPR:Compliance GLBA:Compliance HIPAA:Compliance HR Documentation:Data Classification Healthcare:Data Classification Highly Confidential:Sensitivity Information Technology:Data Classification Insurance and Settlement:Data Classification Internal:Sensitivity JAPAN:Data Residency LGPD:Compliance Legal:Data Classification License Agreement:Data Classification Manufacture:Data Classification Medication Management:Data Classification NDA Form:Data Classification NIST 800-53 and NIST 800-171:Compliance Operational Documentation:Data Classification PCI_DSS:Compliance PHI:Data Classification PII:Data Classification PIPEDA:Compliance Patent:Data Classification Payment Card Data:Data Classification Performance Review:Data Classification Public:Sensitivity Restricted:Sensitivity SOX:Compliance Source Code:Data Classification Test Documentation:Data Classification Timesheet:Data Classification Training Materials:Data Classification Transaction Record:Data Classification UK:Data Residency US:Data Residency User Documentation:Data Classification]
[DEBUG]  2025/06/26 03:20:28.159709 tag_info_service.go:58  Updated tag cache: map[APPI:Compliance APPs:Compliance ASIA:Data Residency AUSTRALIA:Data Residency BRAZIL:Data Residency CCPA:Compliance CSL:Compliance Clinical Records:Data Classification Clinical Studies:Data Classification Compliance and Risk Management:Data Classification Confidential:Sensitivity Configuration Files:Data Classification Contracts and Agreements:Data Classification Credentials and Keys:Data Classification Credit and Risk Management:Data Classification DPA:Compliance Development Documentation:Data Classification EU:Data Residency Education:Data Classification FERPA:Compliance FISMA:Compliance Finance:Data Classification Financial Report:Data Classification Financial Strategy and Research:Data Classification GDPR:Compliance GLBA:Compliance HIPAA:Compliance HR Documentation:Data Classification Healthcare:Data Classification Highly Confidential:Sensitivity Information Technology:Data Classification Insurance and Settlement:Data Classification Internal:Sensitivity JAPAN:Data Residency LGPD:Compliance Legal:Data Classification License Agreement:Data Classification Manufacture:Data Classification Medication Management:Data Classification NDA Form:Data Classification NIST 800-53 and NIST 800-171:Compliance Operational Documentation:Data Classification PCI_DSS:Compliance PHI:Data Classification PII:Data Classification PIPEDA:Compliance Patent:Data Classification Payment Card Data:Data Classification Performance Review:Data Classification Public:Sensitivity Restricted:Sensitivity SOX:Compliance Source Code:Data Classification Test Documentation:Data Classification Timesheet:Data Classification Training Materials:Data Classification Transaction Record:Data Classification UK:Data Residency US:Data Residency User Documentation:Data Classification]
[DEBUG]  2025/06/26 03:25:28.159904 tag_info_service.go:58  Updated tag cache: map[APPI:Compliance APPs:Compliance ASIA:Data Residency AUSTRALIA:Data Residency BRAZIL:Data Residency CCPA:Compliance CSL:Compliance Clinical Records:Data Classification Clinical Studies:Data Classification Compliance and Risk Management:Data Classification Confidential:Sensitivity Configuration Files:Data Classification Contracts and Agreements:Data Classification Credentials and Keys:Data Classification Credit and Risk Management:Data Classification DPA:Compliance Development Documentation:Data Classification EU:Data Residency Education:Data Classification FERPA:Compliance FISMA:Compliance Finance:Data Classification Financial Report:Data Classification Financial Strategy and Research:Data Classification GDPR:Compliance GLBA:Compliance HIPAA:Compliance HR Documentation:Data Classification Healthcare:Data Classification Highly Confidential:Sensitivity Information Technology:Data Classification Insurance and Settlement:Data Classification Internal:Sensitivity JAPAN:Data Residency LGPD:Compliance Legal:Data Classification License Agreement:Data Classification Manufacture:Data Classification Medication Management:Data Classification NDA Form:Data Classification NIST 800-53 and NIST 800-171:Compliance Operational Documentation:Data Classification PCI_DSS:Compliance PHI:Data Classification PII:Data Classification PIPEDA:Compliance Patent:Data Classification Payment Card Data:Data Classification Performance Review:Data Classification Public:Sensitivity Restricted:Sensitivity SOX:Compliance Source Code:Data Classification Test Documentation:Data Classification Timesheet:Data Classification Training Materials:Data Classification Transaction Record:Data Classification UK:Data Residency US:Data Residency User Documentation:Data Classification]
    Previous
    Next

    Configuring FortiData integration

    Configuring FortiData integration

    You can configure an integration between FortiClient, EMS, and FortiData. FortiData is a document classification and labeling service. It contains a database (DB) of your file hashes, along with file metadata, including a data category (optional) and a label. The file data labels work in the same way as Microsoft's Purview Information Protection labels, although the labels are not included in the file content but are associated with the file hash in the FortiData DB. A label taxonomy is defined to represent the various classification levels required for an organization. FortiClient can integrate with FortiData to retrieve file data labels and use them to control file access.

    The following describes how the integration functions once configured:

    1. The EMS administrator configures a FortiData Fortinet Security Fabric Connector to establish trust. EMS and FortiData communicate in the following ways:
      • EMS pulls a data label list from FortiData to use in Data Protection profiles.
      • EMS send its certificate to FortiData to verify tokens that managed endpoints send for lookup.
      • FortiData must provide a connector API key for Fabric connection with EMS.
      • Any other information exchanges between EMS and FortiData are done via this connector.
      • FortiData only accepts requests from endpoints that this EMS manages. FortiData verifies this using the EMS serial number.
      • EMS sends FortiData a zero trust network access (ZTNA) certificate that FortiData to verify FortiClient requests. FortiData must provide the API key to receive the ZTNA certificate.
    2. The EMS administrator defines a Data Protection profile to monitor access to a file based on its data label.
    3. The EMS administrator defines which file types to send to FortiData for classification lookup. FortiClient only sends the selected file types for lookup. FortiData supports file uploads for OCR, such as JPEG and GIF.
    4. When a user downloads or opens a file that matches the configuration, FortiClient performs a hash lookup and retrieves the data label from FortiData for that file.
    5. FortiClient sends its token with the request to authenticate with FortiData to authorize the endpoint.
    6. FortiClient enforces file access based on classification rules that EMS defined. All file monitor activity is logged.

    FortiClient and EMS support integration with FortiData 7.6.1 and later versions. This feature requires the Endpoint Protection Platform license.

    To configure FortiData for the integration:
    1. Install FortiData-VM 7.6.1.
    2. Configure FortiData discovery policies for file scanning on the endpoint:
      1. Go to Discovery > Policies.
      2. Create and configure a policy as desired.
    3. Configure scan policies to scan for those files. FortiData scans files and assigns labels to files that match the policy after the scan completes:
      1. Go to Discovery > Scans.
      2. Configure the scan policy as desired.

    4. For FortiData and EMS to establish Fabric connection, you must upload a publicly signed certificate to FortiData. Upload the certificate:
      1. Go to System > Certificates.
      2. Click Import Certificate > Add a new certificate.
      3. Upload the certificate and key files.
    5. Go to Fabric > HTTP2 Service > API Keys. Click New API Key. You will use this API key to establish Fabric connection between EMS and FortiData.
    6. Create a Fabric connector for EMS in FortiData:
      1. Go to Fabric > HTTP2 Service.
      2. Under Settings, configure a new device.
      3. From the Device Type dropdown list, select FortiClient EMS.
      4. In the IPv4 Address / Ranges field, enter 0.0.0.0/0.
      5. Click Enable API Key Authentication.
      6. From the Associated Scan Policies dropdown list, select the scan policy that you created.
      7. From the Associated Discovery Policies dropdown list, select the discovery policy that you created.
      8. Click Save.
    7. Create a Fabric connector for FortiClient in FortiData:
      1. Go to Fabric > HTTP2 Service.
      2. Under Settings, configure a new device.
      3. From the Device Type dropdown list, select FortiClient.
      4. Click Enable Client Certificate Validation Using EMS CA.
      5. Click Save.
    To configure the integration in EMS:
    1. Create a FortiData connector:
      1. In EMS, go to Fabric & Connectors . Fabric Devices.
      2. Click Add.
      3. From the Connector Type dropdown list, select FortiData.
      4. In the FortiData Hostname / IP address field, enter the FortiData IP address.
      5. In the FortiData Port field, enter 8443.
      6. In the FortiData REST API Key field, paste the key that you created in FortiData.
      7. Click Next and complete creating the FortiData connector. Once EMS establishes the connection with FortiData, it queries tags and file types from FortiData.
    2. Create a data protection profile:
      1. Go to Endpoint Profiles > Data Protection.
      2. Create a new profile.
      3. From the Server dropdown list, select the FortiData server.
      4. Under Enable On, enable Browser, Messaging Clients, or Clipboard to enable the data protection feature on.
      5. Under File Extensions, select the desired extensions.

    3. Configure the certificate that you created in FortiData in EMS:
      1. Go to Endpoint Policy & Components > CA Certificates.
      2. Click Upload.
      3. Click Upload File.
      4. Browse to and select the certificate that you created in FortiData. Click OK.
      5. Go to Endpoint Profiles > System Settings.
      6. Create a new profile or edit an existing one.
      7. Under Other, enable Install CA Certificate on Client.
      8. Ensure that the desired certificate is selected. FortiClient uses certificate chain validation to verify the FortiData server identity. If you generated your own self-signed certificate for FortiData, you only need to install a root certificate authority (CA) certificate on the endpoint. Using an SSL certificate from a trusted CA is recommended.
      9. Click Save.
    To install FortiClient with FortiData support:
    1. Run the FortiClient installer on the endpoint. In Additional Security Features, select Data Protection. Configure other installation options as desired.
    2. After FortiClient connects to EMS, in Registry Editor, confirm that Computer\HKEY_LOCAL\SOFTWARE\Fortinet\FortiClient\FA_FTDATA exists and includes the configurations from EMS.
    To verify the FortiData integration:
    1. Do one of the following from the endpoint, using a file that matches the conditions configured in FortiData:
      • Upload a file to a website.
      • Upload a file on a messaging client, such as Microsoft Teams.
      • Open a file and take a screenshot. This copies the file to the clipboard.

      FortiClient calculates the hash of the file, sends it to FortiData, and checks if the hash matches any labels. If there is a label match, FortiClient monitors access to the file and sends event details to EMS.

    2. In EMS, go to Endpoints > All Endpoints.
    3. Select the desired endpoint.
    4. Go to the Data Protection Events tab. This tab lists the following information about data protection events:

      • Date/time of event

      • User name

      • Hostname

      • Action type, i.e. monitor or block.

      • Mode: either simulation or protection mode.

      • File hash

      • Data Label

      • Filename/path

    5. After uploading the file check fcaptmontrace_1 logs in the trace folder, you can see the matched label and file name and uploaded platform. The following shows example logs for different scenarios:

      Scenario

      Log example

      Browser upload

      [2025-06-27 09:59:25.2311041 UTC-07:00] [4244:4656] [fcaptmontrace 431 info] sending ems alert,C:\Users\kk\Desktop\testpkg\testpkg\phi_internal\phi_1_patient_admission_notes--patient_name-dob-diagnosis.png,Monitor- Matched label(s): Internal;Machine_Learning;PHI;PII, Content: C:\Users\kk\Desktop\testpkg\testpkg\phi_internal\phi_1_patient_admission_notes--patient_name-dob-diagnosis.png, hash = 9fc7c807621dadcf29e459db8569884ddce8e718,,Monitor,9fc7c807621dadcf29e459db8569884ddce8e718,Internal;Machine_Learning;PHI;PII,chrome.exe

      Screenshotted (clipboard)

      [2025-06-26 17:40:04.2583481 UTC-07:00] [5780:10548] [fcaptmontrace 431 info] sending ems alert,screenshot.jpeg,Monitor-clipboard Matched label(s): Internal;Machine_Learning;PHI;PII;Public, Content: screenshot.jpeg, hash = fedbfa3746a420fbd86342077eb04dbd7d821947,clipboard,Monitor,fedbfa3746a420fbd86342077eb04dbd7d821947,Internal;Machine_Learning;PHI;PII;Public,clipboard

      Sent via Microsoft Teams

      [2025-06-26 17:46:15.0600390 UTC-07:00] [5780:12240] [fcaptmontrace 431 info] sending ems alert,C:\Users\kk\Desktop\testpkg\testpkg\pii_public\pii--50_names.txt,Monitor- Matched label(s): Machine_Learning;PII;Public, Content: C:\Users\kk\Desktop\testpkg\testpkg\pii_public\pii--50_names.txt, hash = 42f2c523834b26ae6934d73de2238a656eafba22,,Monitor,42f2c523834b26ae6934d73de2238a656eafba22,Machine_Learning;PII;Public,msedgewebview2.exe

      Sent via Telegram

      [2025-06-27 09:40:28.7196748 UTC-07:00] [4244:5768] [fcaptmontrace 431 info] sending ems alert,C:\Users\kk\Desktop\testpkg\testpkg\pii_public\pii--50_names-50_ssns-50_us_drivers_licenses.xlsx,Monitor- Matched label(s): Machine_Learning;PII;Public, Content: C:\Users\kk\Desktop\testpkg\testpkg\pii_public\pii--50_names-50_ssns-50_us_drivers_licenses.xlsx, hash = 3a0b43d3e2e5998e40c45adbaae260bf7900d9be,,Monitor,3a0b43d3e2e5998e40c45adbaae260bf7900d9be,Machine_Learning;PII;Public,Telegram.exe

    6. To check the logs in FortiData, run the following commands: 
      diagnose logs http2 50
diagnose logs analyzer 50

      The following shows example output from these commands:

      [DEBUG]  2025/06/26 03:10:28.160563 tag_info_service.go:58  Updated tag cache: map[APPI:Compliance APPs:Compliance ASIA:Data Residency AUSTRALIA:Data Residency BRAZIL:Data Residency CCPA:Compliance CSL:Compliance Clinical Records:Data Classification Clinical Studies:Data Classification Compliance and Risk Management:Data Classification Confidential:Sensitivity Configuration Files:Data Classification Contracts and Agreements:Data Classification Credentials and Keys:Data Classification Credit and Risk Management:Data Classification DPA:Compliance Development Documentation:Data Classification EU:Data Residency Education:Data Classification FERPA:Compliance FISMA:Compliance Finance:Data Classification Financial Report:Data Classification Financial Strategy and Research:Data Classification GDPR:Compliance GLBA:Compliance HIPAA:Compliance HR Documentation:Data Classification Healthcare:Data Classification Highly Confidential:Sensitivity Information Technology:Data Classification Insurance and Settlement:Data Classification Internal:Sensitivity JAPAN:Data Residency LGPD:Compliance Legal:Data Classification License Agreement:Data Classification Manufacture:Data Classification Medication Management:Data Classification NDA Form:Data Classification NIST 800-53 and NIST 800-171:Compliance Operational Documentation:Data Classification PCI_DSS:Compliance PHI:Data Classification PII:Data Classification PIPEDA:Compliance Patent:Data Classification Payment Card Data:Data Classification Performance Review:Data Classification Public:Sensitivity Restricted:Sensitivity SOX:Compliance Source Code:Data Classification Test Documentation:Data Classification Timesheet:Data Classification Training Materials:Data Classification Transaction Record:Data Classification UK:Data Residency US:Data Residency User Documentation:Data Classification]
[DEBUG]  2025/06/26 03:15:28.160441 tag_info_service.go:58  Updated tag cache: map[APPI:Compliance APPs:Compliance ASIA:Data Residency AUSTRALIA:Data Residency BRAZIL:Data Residency CCPA:Compliance CSL:Compliance Clinical Records:Data Classification Clinical Studies:Data Classification Compliance and Risk Management:Data Classification Confidential:Sensitivity Configuration Files:Data Classification Contracts and Agreements:Data Classification Credentials and Keys:Data Classification Credit and Risk Management:Data Classification DPA:Compliance Development Documentation:Data Classification EU:Data Residency Education:Data Classification FERPA:Compliance FISMA:Compliance Finance:Data Classification Financial Report:Data Classification Financial Strategy and Research:Data Classification GDPR:Compliance GLBA:Compliance HIPAA:Compliance HR Documentation:Data Classification Healthcare:Data Classification Highly Confidential:Sensitivity Information Technology:Data Classification Insurance and Settlement:Data Classification Internal:Sensitivity JAPAN:Data Residency LGPD:Compliance Legal:Data Classification License Agreement:Data Classification Manufacture:Data Classification Medication Management:Data Classification NDA Form:Data Classification NIST 800-53 and NIST 800-171:Compliance Operational Documentation:Data Classification PCI_DSS:Compliance PHI:Data Classification PII:Data Classification PIPEDA:Compliance Patent:Data Classification Payment Card Data:Data Classification Performance Review:Data Classification Public:Sensitivity Restricted:Sensitivity SOX:Compliance Source Code:Data Classification Test Documentation:Data Classification Timesheet:Data Classification Training Materials:Data Classification Transaction Record:Data Classification UK:Data Residency US:Data Residency User Documentation:Data Classification]
[DEBUG]  2025/06/26 03:20:28.159709 tag_info_service.go:58  Updated tag cache: map[APPI:Compliance APPs:Compliance ASIA:Data Residency AUSTRALIA:Data Residency BRAZIL:Data Residency CCPA:Compliance CSL:Compliance Clinical Records:Data Classification Clinical Studies:Data Classification Compliance and Risk Management:Data Classification Confidential:Sensitivity Configuration Files:Data Classification Contracts and Agreements:Data Classification Credentials and Keys:Data Classification Credit and Risk Management:Data Classification DPA:Compliance Development Documentation:Data Classification EU:Data Residency Education:Data Classification FERPA:Compliance FISMA:Compliance Finance:Data Classification Financial Report:Data Classification Financial Strategy and Research:Data Classification GDPR:Compliance GLBA:Compliance HIPAA:Compliance HR Documentation:Data Classification Healthcare:Data Classification Highly Confidential:Sensitivity Information Technology:Data Classification Insurance and Settlement:Data Classification Internal:Sensitivity JAPAN:Data Residency LGPD:Compliance Legal:Data Classification License Agreement:Data Classification Manufacture:Data Classification Medication Management:Data Classification NDA Form:Data Classification NIST 800-53 and NIST 800-171:Compliance Operational Documentation:Data Classification PCI_DSS:Compliance PHI:Data Classification PII:Data Classification PIPEDA:Compliance Patent:Data Classification Payment Card Data:Data Classification Performance Review:Data Classification Public:Sensitivity Restricted:Sensitivity SOX:Compliance Source Code:Data Classification Test Documentation:Data Classification Timesheet:Data Classification Training Materials:Data Classification Transaction Record:Data Classification UK:Data Residency US:Data Residency User Documentation:Data Classification]
[DEBUG]  2025/06/26 03:25:28.159904 tag_info_service.go:58  Updated tag cache: map[APPI:Compliance APPs:Compliance ASIA:Data Residency AUSTRALIA:Data Residency BRAZIL:Data Residency CCPA:Compliance CSL:Compliance Clinical Records:Data Classification Clinical Studies:Data Classification Compliance and Risk Management:Data Classification Confidential:Sensitivity Configuration Files:Data Classification Contracts and Agreements:Data Classification Credentials and Keys:Data Classification Credit and Risk Management:Data Classification DPA:Compliance Development Documentation:Data Classification EU:Data Residency Education:Data Classification FERPA:Compliance FISMA:Compliance Finance:Data Classification Financial Report:Data Classification Financial Strategy and Research:Data Classification GDPR:Compliance GLBA:Compliance HIPAA:Compliance HR Documentation:Data Classification Healthcare:Data Classification Highly Confidential:Sensitivity Information Technology:Data Classification Insurance and Settlement:Data Classification Internal:Sensitivity JAPAN:Data Residency LGPD:Compliance Legal:Data Classification License Agreement:Data Classification Manufacture:Data Classification Medication Management:Data Classification NDA Form:Data Classification NIST 800-53 and NIST 800-171:Compliance Operational Documentation:Data Classification PCI_DSS:Compliance PHI:Data Classification PII:Data Classification PIPEDA:Compliance Patent:Data Classification Payment Card Data:Data Classification Performance Review:Data Classification Public:Sensitivity Restricted:Sensitivity SOX:Compliance Source Code:Data Classification Test Documentation:Data Classification Timesheet:Data Classification Training Materials:Data Classification Transaction Record:Data Classification UK:Data Residency US:Data Residency User Documentation:Data Classification]
    Previous
    Next