From a185892d764d0b7bf12008c4a39bc20a46316415 Mon Sep 17 00:00:00 2001 From: John Poland Date: Wed, 15 Oct 2025 20:27:20 -0400 Subject: [PATCH] fortigate/vdom_root/dlp.cfg Wed Oct 15 08:27:19 PM EDT 2025 --- configs/fortigate/vdom_root/dlp.cfg | 149 ++++++++++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 configs/fortigate/vdom_root/dlp.cfg diff --git a/configs/fortigate/vdom_root/dlp.cfg b/configs/fortigate/vdom_root/dlp.cfg new file mode 100644 index 0000000..2b06ed4 --- /dev/null +++ b/configs/fortigate/vdom_root/dlp.cfg @@ -0,0 +1,149 @@ +config dlp filepattern + edit 1 + set name "builtin-patterns" + config entries + edit "*.bat" + next + edit "*.com" + next + edit "*.dll" + next + edit "*.doc" + next + edit "*.exe" + next + edit "*.gz" + next + edit "*.hta" + next + edit "*.ppt" + next + edit "*.rar" + next + edit "*.scr" + next + edit "*.tar" + next + edit "*.tgz" + next + edit "*.vb?" + next + edit "*.wps" + next + edit "*.xl?" + next + edit "*.zip" + next + edit "*.pif" + next + edit "*.cpl" + next + end + next + edit 2 + set name "all_executables" + config entries + edit "bat" + set filter-type type + set file-type bat + next + edit "exe" + set filter-type type + set file-type exe + next + edit "elf" + set filter-type type + set file-type elf + next + edit "hta" + set filter-type type + set file-type hta + next + end + next +end +config dlp sensitivity + edit "Private" + next + edit "Critical" + next + edit "Warning" + next +end +config dlp sensor + edit "g-default" + set comment "Default sensor." + next + edit "g-sniffer-profile" + set comment "Log a summary of email and web traffic." + set summary-proto smtp pop3 imap http-get http-post + next + edit "Content_Archive" + set feature-set proxy + set full-archive-proto smtp pop3 imap http-get http-post ftp nntp mapi + set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi + next + edit "Content_Summary" + set feature-set proxy + set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi + next + edit "Credit-Card" + set feature-set proxy + config filter + edit 1 + set name "Credit-Card-Filter" + set severity high + set proto smtp pop3 imap http-get http-post mapi + set action log-only + next + edit 2 + set name "Credit-Card-Filter" + set severity high + set type message + set proto smtp pop3 imap http-post mapi + set action log-only + next + end + next + edit "Large-File" + set feature-set proxy + config filter + edit 1 + set name "Large-File-Filter" + set proto smtp pop3 imap http-get http-post mapi + set filter-by file-size + set file-size 5120 + set action log-only + next + end + next + edit "SSN-Sensor" + set comment "Match SSN numbers but NOT WebEx invite emails." + set feature-set proxy + config filter + edit 1 + set name "SSN-Sensor-Filter" + set severity high + set type message + set proto smtp pop3 imap mapi + set filter-by regexp + set regexp "WebEx" + next + edit 2 + set name "SSN-Sensor-Filter" + set severity high + set type message + set proto smtp pop3 imap mapi + set filter-by ssn + set action log-only + next + edit 3 + set name "SSN-Sensor-Filter" + set severity high + set proto smtp pop3 imap http-get http-post ftp mapi + set filter-by ssn + set action log-only + next + end + next +end