PCI - Failed Access Attempt Detection

Description

The Privileged Account Activity policy monitors and tracks targeted users' activities on the cloud accounts. The policy lets you configure which users and which types of activity are monitored.

Policy Configuration

Follow the steps below to enable and configure the policy:

  1. From the FortiCASB dashboard, click any Cloud Account drop-down menu, e.g. Salesforce, Office365, etc.
  2. Click the Policy drop-down menu and select Compliance, then select the PCI-DSS tab.
  3. Locate PCI - Failed Access Attempt Detection and click the right arrow (>) button to expand the policy.
  4. Click the General tab, then click the Status toggle switch to enable the policy.
  5. Click the Severity level drop-down menu to select the severity level (Critical, Alert, Warning, Information).
     Note: this policy generates both an alert in the Alert page and data in the Compliance Report.
  6. Click the Context tab to configure settings.
  7. In Login Attempts, enter the threshold for the number of failed login attempts before an alert is generated.
  8. In Interval (minute), enter the time frame in which failed login attempts are counted before an alert is generated.
     For example, given an interval of 3 minutes and login attempts of 5, if a user has more than 5 failed login attempts in 3 minutes, an alert is sent about the suspicious login attempts on the cloud account.
  9. Click Save to update the configuration.

After the policy is enabled and configured, an alert is triggered in the Alert page whenever there are excessive failed login attempts on the cloud account. For more details, please refer to Alert.

The Compliance Report also records any alerts generated by this policy. For more details, please see Compliance Report.
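
The Login Attempts and Interval (minute) settings amount to a per-user sliding-window count of failed logins. The Python sketch below is an added example, not FortiCASB code: the event layout, the function name detect_failed_logins, the boundary handling, and the choice that a successful login does not reset the count are all assumptions. It can be used to check which threshold and interval values would alert on your own login history before setting them in the policy.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(2024, 5, 1, 10, 0, 0)

def _burst(user, offset_s, step_s, count):
    """Build constructed FAILED events for one user at a fixed spacing."""
    return [((BASE + timedelta(seconds=offset_s + i * step_s)).isoformat(),
             user, "FAILED") for i in range(count)]

# Constructed sample events (timestamp, user, outcome); not real FortiCASB data.
SAMPLE_EVENTS = (
    _burst("alice", 0, 20, 6)      # 6 failures in 100 s: more than 5 in 3 min
    + _burst("bob", 5, 30, 5)      # exactly 5 failures: not "more than 5"
    + _burst("carol", 0, 120, 6)   # 6 failures, but spread over 10 minutes
    + [("2024-05-01T10:01:10", "alice", "SUCCESS")]  # ignored by the counter
)

def detect_failed_logins(events, login_attempts=5, interval_minutes=3):
    """Return (user, timestamp, count) for each user with MORE THAN
    login_attempts failed logins inside a sliding interval."""
    window = timedelta(minutes=interval_minutes)
    recent = defaultdict(deque)    # user -> failure times still in the window
    alerts = []
    # ISO-8601 strings in one format sort chronologically.
    for ts, user, outcome in sorted(events):
        if outcome != "FAILED":
            continue               # assumption: a success does not reset the count
        now = datetime.fromisoformat(ts)
        times = recent[user]
        times.append(now)
        # Assumption: a failure exactly interval_minutes old still counts.
        while now - times[0] > window:
            times.popleft()
        if len(times) > login_attempts:
            alerts.append((user, ts, len(times)))
            times.clear()          # one alert per burst, then start counting again
    return alerts

if __name__ == "__main__":
    for user, ts, count in detect_failed_logins(SAMPLE_EVENTS):
        print(f"ALERT {user}: {count} failed logins by {ts}")
```
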
