
# DLP data types: named match primitives that the dictionary entries below
# reference through `set type`.
config dlp data-type
# Card-number candidates: 14 to 16 digits grouped 4-4-2-2-(2..4), first digit
# 2-6, with an optional '-' or space between groups.
edit "g-credit-card"
set pattern "\\b([2-6]{1}\\d{3})[- ]?(\\d{4})[- ]?(\\d{2})[- ]?(\\d{2})[- ]?(\\d{2,4})\\b"
# The regex alone over-matches any digit run of this shape; `verify` names a
# built-in validator (presumably a checksum test - confirm in the vendor docs).
set verify "builtin)credit-card"
# NOTE(review): look-back presumably sets how many characters are retained for
# the verify step - confirm the exact semantics.
set look-back 20
set transform "\\b\\1[- ]?\\2[- ]?\\3[- ]?\\4[- ]?\\5\\b"
next
# ".+" accepts any non-empty run; the transform wraps the whole match in word
# boundaries with a trailing /i (presumably case-insensitive - confirm).
edit "g-edm-keyword"
set pattern ".+"
set transform "/\\b\\0\\b/i"
next
edit "g-hex"
set pattern "built-in"
next
edit "g-keyword"
set pattern "built-in"
next
# Anchored 8-4-4-4-12 hex pattern, i.e. a GUID-shaped value and nothing else on
# the line. Presumably a sensitivity-label identifier, judging by the name.
edit "g-mip-label"
set pattern "^[[:xdigit:]]{8}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{4}-[[:xdigit:]]{12}$"
set transform "built-in"
next
# Pattern text is supplied by the dictionary entry that uses this type.
edit "g-regex"
set pattern "built-in"
next
# US SSN in the hyphenated ddd-dd-dddd form only. Values written with spaces or
# with no separator do not match this pattern, so they are outside coverage.
edit "g-ssn-us"
set pattern "\\b(\\d{3})-(\\d{2})-(\\d{4})\\b"
# verify rejects area 000, 666 and 9xx, group 00 and serial 0000, and requires
# that no hyphen touches either end of the match (cuts hits inside longer IDs).
set verify "(?<!-)\\b(?!666|000|9\\d{2})\\d{3}-(?!00)\\d{2}-(?!0{4})\\d{4}\\b(?!-)"
set look-back 12
set transform "\\b\\1-\\2-\\3\\b"
next
end
# DLP dictionaries: each one binds one or more data types (plus an optional
# pattern) under a name that sensors refer to.
config dlp dictionary
# Despite the "SSN" in its name, this dictionary does not match SSNs: its only
# entry is a regex for the literal text "WebEx". It feeds rule 1 of the
# "SSN-Sensor" profile, whose comment describes it as a WebEx-invite exclusion.
edit "SSN-Sensor-r1d"
config entries
edit 1
set type "g-regex"
# Unanchored and case-sensitive as written; it matches the word anywhere.
set pattern "WebEx"
next
end
next
# Credit-card dictionary: one entry of type g-credit-card.
edit "def-cc-dict"
config entries
edit 1
set type "g-credit-card"
next
end
next
# US SSN dictionary: one entry of type g-ssn-us.
edit "def-ssn-dict"
config entries
edit 1
set type "g-ssn-us"
next
end
next
end
# DLP sensors: the objects profile rules select with `set sensor`. Each sensor
# here wraps exactly one dictionary.
config dlp sensor
# Matches the "WebEx" regex dictionary, not SSN data (see the dictionary name).
edit "SSN-Sensor-r1s"
config entries
edit 1
set dictionary "SSN-Sensor-r1d"
next
end
next
# Credit-card sensor used by the "Credit-Card" profile.
edit "def-cc-sensor"
config entries
edit 1
set dictionary "def-cc-dict"
next
end
next
# SSN sensor used by rules 2 and 3 of the "SSN-Sensor" profile.
edit "def-ssn-sensor"
config entries
edit 1
set dictionary "def-ssn-dict"
next
end
next
end
# DLP file-pattern lists. No profile rule in this listing references either
# list, so as shown they define patterns without enforcing anything.
config dlp filepattern
# List 1: entries carry no filter-type, and their names are wildcard file names
# (presumably the default filter-type is name matching - confirm).
# NOTE(review): a name-based match only sees the file name; a renamed file is
# not covered. Pair with type-based entries where that matters.
edit 1
set name "builtin-patterns"
config entries
edit "*.bat"
next
edit "*.com"
next
edit "*.dll"
next
edit "*.doc"
next
edit "*.exe"
next
edit "*.gz"
next
edit "*.hta"
next
edit "*.ppt"
next
edit "*.rar"
next
edit "*.scr"
next
edit "*.tar"
next
edit "*.tgz"
next
# '?' covers a single trailing character, e.g. .vbs / .vbe.
edit "*.vb?"
next
edit "*.wps"
next
edit "*.xl?"
next
edit "*.zip"
next
edit "*.pif"
next
edit "*.cpl"
next
end
next
# List 2: entries use `filter-type type`, i.e. they select by file type
# (bat, exe, elf, hta) rather than by file name.
edit 2
set name "all_executables"
config entries
edit "bat"
set filter-type type
set file-type bat
next
edit "exe"
set filter-type type
set file-type exe
next
edit "elf"
set filter-type type
set file-type elf
next
edit "hta"
set filter-type type
set file-type hta
next
end
next
end
# Sensitivity labels. Three names are defined with no further settings, and
# nothing else in this listing refers to them.
config dlp sensitivity
edit "Private"
next
edit "Critical"
next
edit "Warning"
next
end
# DLP profiles: the objects that tie sensors to protocols and an action.
# Every rule below that sets an action uses log-only, so as written these
# profiles record matches and block nothing.
config dlp profile
# Empty profile: a comment only, no rules and no summary/archive protocols.
edit "g-default"
set comment "Default profile."
next
edit "g-sniffer-profile"
set comment "Log a summary of email and web traffic."
set summary-proto smtp pop3 imap http-get http-post
next
# NOTE(review): full-archive-proto presumably stores complete content for the
# listed protocols. If so, the archive itself holds sensitive data and needs
# access control and a retention policy - confirm where it is stored.
edit "Content_Archive"
set feature-set proxy
set full-archive-proto smtp pop3 imap http-get http-post ftp nntp mapi
set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
next
# Summary logging only; no full-archive-proto line here.
edit "Content_Summary"
set feature-set proxy
set summary-proto smtp pop3 imap http-get http-post ftp nntp mapi
next
# Credit-card detection, log-only. Both rules share one name, so a log entry
# that carries only the rule name cannot tell them apart.
edit "Credit-Card"
set feature-set proxy
config rule
# Rule 1 sets no `type` (presumably the default is file content - confirm).
edit 1
set name "Credit-Card-Filter"
set severity high
set proto smtp pop3 imap http-get http-post mapi
set filter-by sensor
set sensor "def-cc-sensor"
set action log-only
next
# Rule 2 inspects message bodies; http-get is not in its protocol list.
edit 2
set name "Credit-Card-Filter"
set severity high
set type message
set proto smtp pop3 imap http-post mapi
set filter-by sensor
set sensor "def-cc-sensor"
set action log-only
next
end
next
# Size-based rule with no sensor.
# NOTE(review): the unit of file-size is presumably KB (5120 = 5 MB) - confirm.
edit "Large-File"
set feature-set proxy
config rule
edit 1
set name "Large-File-Filter"
set proto smtp pop3 imap http-get http-post mapi
set file-size 5120
set action log-only
next
end
next
edit "SSN-Sensor"
set comment "Match SSN numbers but NOT WebEx invite emails."
set feature-set proxy
config rule
# Rule 1 is the WebEx exclusion: it uses the "WebEx" regex sensor and sets no
# action, so it relies on the default (presumably allow without logging).
# NOTE(review): the exclusion keys on the bare word "WebEx" anywhere in a mail
# message. If rules are evaluated first-match, any message containing that word
# skips SSN logging in rule 2 - confirm evaluation order and consider a
# narrower pattern for invite mail.
edit 1
set name "SSN-Sensor-Filter"
set severity high
set type message
set proto smtp pop3 imap mapi
set filter-by sensor
set sensor "SSN-Sensor-r1s"
next
# Rule 2: SSN matches in mail message bodies, log-only.
edit 2
set name "SSN-Sensor-Filter"
set severity high
set type message
set proto smtp pop3 imap mapi
set filter-by sensor
set sensor "def-ssn-sensor"
set action log-only
next
# Rule 3: no `type` set, wider protocol list (adds http-get, http-post, ftp),
# log-only. The WebEx exclusion in rule 1 is limited to type message.
edit 3
set name "SSN-Sensor-Filter"
set severity high
set proto smtp pop3 imap http-get http-post ftp mapi
set filter-by sensor
set sensor "def-ssn-sensor"
set action log-only
next
end
next
end