Fortinet Document Library

External Systems Configuration Guide

Digital Guardian CodeGreen DLP

What is Discovered and Monitored

Protocol | Information Discovered | Data Collected | Used for
Syslog (CEF format) | - | 1 event type | Security and Compliance

Event Types

In RESOURCE > Event Types, search for “CodeGreen-”.

Rules

There are no specific rules, but generic rules for Data Leak Protection apply.

Reports

There are no specific reports, but generic rules for Data Leak Protection and Generic Servers apply.

Configuration

Configure Digital Guardian CodeGreen DLP to send syslog to FortiSIEM on port 514.

Sample Event

<10>1 2017-05-11T12:08:06.380Z ABC-Manager DLP - INCADD incident_id="1.12815.1" managed_device_id="1" number_of_incidents="1" incident_status="New,Audit Only" matched_policies_by_severity="High:C_PHI_MRN / C_MRN_>25;" action_taken="NET_NS_H" matches="55" protocol="SMTP" http_url="" inspected_document="Milla_9.16-4.17__UPDATED.XLSX" source="abc@cda.org" source_ip="1.1.1.1" source_port="21752" destination="abc@bcd.edu" destination_ip="2.2.2.2" destination_port="25" email_subject="RE: Open Encounters" email_sender="abc@cde.org" email_recipients="abc@bcd.edu;" timestamp="2017-05-11 12:06:09 PDT" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372
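
Added example (not from the Fortinet or Digital Guardian documentation): a Python parser for the sample event above, showing how its syslog header and key="value" body break into fields for triage or for checking a SIEM parser's output. The function name `parse_event` and the output keys `facility`, `severity`, `syslog_time` and `reporting_host` are this example's own, and it assumes values never contain an embedded double quote.

```python
import re

# The sample event from this page, split across lines only for readability.
SAMPLE = (
    '<10>1 2017-05-11T12:08:06.380Z ABC-Manager DLP - INCADD incident_id="1.12815.1" '
    'managed_device_id="1" number_of_incidents="1" incident_status="New,Audit Only" '
    'matched_policies_by_severity="High:C_PHI_MRN / C_MRN_>25;" action_taken="NET_NS_H" '
    'matches="55" protocol="SMTP" http_url="" '
    'inspected_document="Milla_9.16-4.17__UPDATED.XLSX" source="abc@cda.org" '
    'source_ip="1.1.1.1" source_port="21752" destination="abc@bcd.edu" '
    'destination_ip="2.2.2.2" destination_port="25" email_subject="RE: Open Encounters" '
    'email_sender="abc@cde.org" email_recipients="abc@bcd.edu;" '
    'timestamp="2017-05-11 12:06:09 PDT" '
    'incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372'
)

# Header tokens in the order the sample shows them: <PRI>VERSION TIME HOST APP PROCID MSGID
HEADER = re.compile(r'^<(\d{1,3})>(\d+) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$', re.S)
# key="quoted value" (may hold spaces, commas, '>' and ';') or key=bare-token,
# which is how incidents_url appears in the sample.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
INT_FIELDS = ("number_of_incidents", "matches", "source_port", "destination_port")

def parse_event(line):
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("line does not have the expected syslog header")
    pri, _version, syslog_time, host, app, _procid, msgid, body = m.groups()
    event = {"facility": int(pri) >> 3, "severity": int(pri) & 7,  # PRI = facility*8 + severity
             "syslog_time": syslog_time, "reporting_host": host,
             "app": app, "msgid": msgid}
    for pair in PAIR.finditer(body):
        key, quoted, bare = pair.groups()
        if key in event:
            raise ValueError("duplicate field: " + key)  # never silently overwrite a field
        event[key] = bare if bare is not None else quoted
    for key in INT_FIELDS:
        if event.get(key, "").isdigit():
            event[key] = int(event[key])
    # email_recipients is a ';'-terminated list in the sample
    recipients = event.get("email_recipients", "").split(";")
    event["email_recipients"] = [r for r in recipients if r]
    return event

if __name__ == "__main__":
    for name, value in parse_event(SAMPLE).items():
        print(f"{name:30} {value!r}")
```

Fields such as email_subject and inspected_document carry text chosen by the message sender, so the duplicate-field check turns a body that does not parse cleanly into an error rather than a silently altered record.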
