Fortinet black logo

External Systems Configuration Guide

Digital Guardian CodeGreen DLP

Digital Guardian Code Green DLP

What is Discovered and Monitored

Protocol Information Discovered Data Collected Used for
Syslog (CEF format) - 1 event type Security and Compliance

Event Types

In RESOURCES > Event Types, Search for "CodeGreen-" in the main content panel Search... field to see event types.

Rules

There are no specific rules, but generic rules for Data Leak Protection apply.

Reports

There are no specific reports, but generic rules for Data Leak Protection and Generic Servers apply.

Configuration

Configure Digital Guardian Code Green DLP to send syslog on port 514 to FortiSIEM.

Sample Event

<10>1 2017-05-11T12:08:06.380Z ABC-Manager DLP - INCADD incident_id="1.12815.1" managed_device_id="1" number_of_incidents="1" incident_status="New,Audit Only" matched_policies_by_severity="High:C_PHI_MRN / C_MRN_>25;" action_taken="NET_NS_H" matches="55" protocol="SMTP" http_url="" inspected_document="Milla_9.16-4.17__UPDATED.XLSX" source="abc@cda.org" source_ip="1.1.1.1" source_port="21752" destination="abc@bcd.edu" destination_ip="2.2.2.2" destination_port="25" email_subject="RE: Open Encounters" email_sender="abc@cde.org" email_recipients="abc@bcd.edu;" timestamp="2017-05-11 12:06:09 PDT" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372

Digital Guardian Code Green DLP

What is Discovered and Monitored

Protocol Information Discovered Data Collected Used for
Syslog (CEF format) - 1 event type Security and Compliance

Event Types

In RESOURCES > Event Types, Search for "CodeGreen-" in the main content panel Search... field to see event types.

Rules

There are no specific rules, but generic rules for Data Leak Protection apply.

Reports

There are no specific reports, but generic rules for Data Leak Protection and Generic Servers apply.

Configuration

Configure Digital Guardian Code Green DLP to send syslog on port 514 to FortiSIEM.

Sample Event

<10>1 2017-05-11T12:08:06.380Z ABC-Manager DLP - INCADD incident_id="1.12815.1" managed_device_id="1" number_of_incidents="1" incident_status="New,Audit Only" matched_policies_by_severity="High:C_PHI_MRN / C_MRN_>25;" action_taken="NET_NS_H" matches="55" protocol="SMTP" http_url="" inspected_document="Milla_9.16-4.17__UPDATED.XLSX" source="abc@cda.org" source_ip="1.1.1.1" source_port="21752" destination="abc@bcd.edu" destination_ip="2.2.2.2" destination_port="25" email_subject="RE: Open Encounters" email_sender="abc@cde.org" email_recipients="abc@bcd.edu;" timestamp="2017-05-11 12:06:09 PDT" incidents_url=https://aaa.lpch.net/LoadIncidentManagement.do?m=1&id=1,27372