Fortinet black logo

Handbook

Configuring a Credential Stuffing Defense Policy

Configuring a Credential Stuffing Defense Policy

Credential Stuffing Defense identifies login attempts using username and password that have been compromised using an always up-to-date feed of stolen credentials. Administrators can configure their supported devices to take various actions if a suspicious login is used including logging, alerts, and blocking.

To configure an Credential Stuffing Defense policy:
  1. Go to Web Application Firewall > Access Protection.
  2. Click the Credential Stuffing Defense tab.
  3. Click Create New to display the configuration editor.
  4. Complete the Credential Stuffing Defense configuration.
  5. Save the configuration.
Predefined Rules Description
Name Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. After you initially save the configuration, you cannot edit the name.
Status Enable or disable this profile. Default is disable.
Action

Select the action profile that you want to apply. See Configuring WAF Action objects.

The default is Alert.

Severity

High—Log matches as high severity events.

Medium—Log matches as a medium severity events.

Low—Log matches as low severity events.

The default is Low, but we recommend you use High or Medium.

Note: FortiADC has no built-in Credential Stuffing Defense database. At least one FortiGuard update is required to install the database, otherwise this feature is ineffective. For details, see Configuring FortiGuard service settings.

Configuring a Credential Stuffing Defense Policy

Credential Stuffing Defense identifies login attempts using username and password that have been compromised using an always up-to-date feed of stolen credentials. Administrators can configure their supported devices to take various actions if a suspicious login is used including logging, alerts, and blocking.

To configure an Credential Stuffing Defense policy:
  1. Go to Web Application Firewall > Access Protection.
  2. Click the Credential Stuffing Defense tab.
  3. Click Create New to display the configuration editor.
  4. Complete the Credential Stuffing Defense configuration.
  5. Save the configuration.
Predefined Rules Description
Name Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. After you initially save the configuration, you cannot edit the name.
Status Enable or disable this profile. Default is disable.
Action

Select the action profile that you want to apply. See Configuring WAF Action objects.

The default is Alert.

Severity

High—Log matches as high severity events.

Medium—Log matches as a medium severity events.

Low—Log matches as low severity events.

The default is Low, but we recommend you use High or Medium.

Note: FortiADC has no built-in Credential Stuffing Defense database. At least one FortiGuard update is required to install the database, otherwise this feature is ineffective. For details, see Configuring FortiGuard service settings.