Threat Protection
Threat protection policies track suspicious user behavior. For example, if a user fails to enter his or her password correctly multiple times in a row and you have the Excessive Login Failures policy active, FortiCASB will send you an alert.
Threat protection policies
| Category | Policy | Description |
| --- | --- | --- |
| Access | Excessive Login Failures | Triggers an alert when the number of failed logins for a user exceeds a set threshold. |
| Access | Password Change | Triggers an alert when passwords are changed. |
| Access | Suspicious Movement | Triggers an alert when a change in a user's geographic location exceeds threshold parameters. |
| Access | Unapproved Login Location | Triggers an alert when a user logs in from an unapproved geographic location. |
| Suspicious Activity | Restricted User | Triggers an alert when a monitored user performs select activities. |
| Suspicious Activity | Suspicious IP | Triggers an alert when there is activity from a suspicious IP. |
| Suspicious Activity | Suspicious Time | Triggers an alert when there is activity outside of work hours. |
| Suspicious Activity | Suspicious Location | Triggers an alert when there is activity from suspicious locations. |
| Sensitive Activity | Sensitive Event | Triggers an alert when a sensitive event occurs. |
| Sensitive Activity | Sensitive File | Triggers an alert when a specified sensitive file is accessed. |
| Sensitive Activity | Ransomware Behavior Detection | Triggers an alert when the files in a directory have been replaced. |
| Abnormal Traffic | Large File Upload | Triggers an alert when a file upload exceeds a size threshold. |