Suspicious Time


Description

The Suspicious Time policy monitors cloud account activities outside of regular working hours.

Policy Configuration

Follow the steps below to enable and configure the policy:

  1. From the FortiCASB dashboard, click any Cloud Account drop-down menu, e.g. Salesforce, Office365, etc.
  2. Click the Policy drop-down menu and select Threat Protection.
  3. Locate Suspicious Time and click the right arrow (>) button to expand the policy.
  4. Click the General tab, then click the Status toggle switch to enable the policy.
  5. Click the Severity level drop-down menu to select the severity level (Critical, Alert, Warning, Information).
  6. Click the Context tab to configure settings.
  7. In the Event section, select Specific events, then click the drop-down field under it to select specific event(s). To select all events instead, click Select all events.
  8. In the Suspicious Time section, click the Select day in week drop-down menu to select the day of the week to monitor for suspicious events. Then enter the beginning and end time of the day to monitor.
  9. Click Save to update the configuration.

After the policy is enabled and configured, whenever a selected activity occurs within the suspicious time frame on the target day of the week, an alert is triggered on the alert page. For more details, please refer to Alert.
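
The matching rule this policy describes (selected events, one day of the week, a begin and end time) is shown below as an added Python example; it is not FortiCASB's own code. The field names, event names and sample records are constructed, and the example assumes a fixed UTC offset and that an end time earlier than the begin time wraps past midnight.

```python
from datetime import datetime, time, timedelta, timezone

# Hypothetical policy mirroring the Context tab fields; all names are assumptions.
POLICY = {
    "severity": "Alert",
    "events": {"Login", "Download File"},  # None stands for "Select all events"
    "day": 5,                              # Saturday (Monday = 0)
    "begin": time(22, 0),
    "end": time(6, 0),                     # earlier than begin: window wraps past midnight
    "tz": timezone(timedelta(hours=-5)),   # assumed fixed offset, no DST handling
}

def in_window(ts, policy):
    """True if an aware timestamp falls in the policy's day/time window."""
    local = ts.astimezone(policy["tz"])
    begin, end, now = policy["begin"], policy["end"], local.time()
    if begin <= end:
        return local.weekday() == policy["day"] and begin <= now < end
    if now >= begin:   # late part of a wrapping window, on the selected day
        return local.weekday() == policy["day"]
    if now < end:      # early part, which belongs to the previous day's window
        return (local - timedelta(days=1)).weekday() == policy["day"]
    return False

def evaluate(records, policy):
    """Return one alert per record that matches both the event filter and the window."""
    alerts = []
    for rec in records:
        selected = policy["events"] is None or rec["event"] in policy["events"]
        if selected and in_window(datetime.fromisoformat(rec["time"]), policy):
            alerts.append({"severity": policy["severity"], **rec})
    return alerts

# Constructed sample activity records with UTC timestamps (not real FortiCASB output).
SAMPLE = [
    {"user": "alice", "event": "Login", "time": "2024-03-03T04:30:00+00:00"},
    {"user": "bob", "event": "Download File", "time": "2024-03-03T09:15:00+00:00"},
    {"user": "carol", "event": "Login", "time": "2024-03-02T15:00:00+00:00"},
    {"user": "dave", "event": "Delete File", "time": "2024-03-03T04:45:00+00:00"},
    {"user": "erin", "event": "Login", "time": "2024-03-02T08:00:00+00:00"},
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE, POLICY):
        print(alert["severity"], alert["user"], alert["event"], alert["time"])
```

The erin record falls at 03:00 local time on Saturday, which under the wrap assumption belongs to Friday's window and so raises no alert.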
