Suspicious IP


Description

The Suspicious IP policy monitors cloud account activities conducted by targeted IP addresses. An alert is sent whenever a targeted IP performs any activity.

Policy Configuration

Follow the steps below to enable and configure the policy:

  1. Click any Cloud Account drop-down menu on the FortiCASB dashboard, e.g. Salesforce, Office365, etc.
  2. Click the Policy drop-down menu and select Threat Protection.
  3. Locate Suspicious IP and click the right arrow (>) button to expand the policy.
  4. Click the General tab, then click the Status toggle switch to enable the policy.
  5. Click the Severity level drop-down menu to select the severity level (Critical, Alert, Warning, Information).
  6. Click the Context tab to configure settings.
  7. In the Suspicious IP section, enter the beginning and ending IP of the range, and click + to add it. Repeat this step to enter more IP ranges.
  8. Click Save to update the configuration.

After the policy is enabled and configured, whenever a targeted IP performs any activity, an alert is triggered on the alert page. For more details, please refer to Alert.
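
Step 7 takes each entry as a beginning and ending address, while blocklists usually arrive as CIDR blocks or single IPs. The following added example (not Fortinet code, and not a FortiCASB API) converts such a list into merged begin/end pairs ready to enter, and checks whether a given source IP falls inside them; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def to_ranges(entries):
    """Turn CIDR blocks, single IPs or 'start-end' strings into merged (begin, end) pairs."""
    spans = []
    for entry in entries:
        if "-" in entry:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            # Reject mixed IPv4/IPv6 pairs and reversed ranges before they reach the policy
            if lo.version != hi.version or lo > hi:
                raise ValueError(f"bad range: {entry}")
        else:
            net = ipaddress.ip_network(entry.strip(), strict=False)
            lo, hi = net.network_address, net.broadcast_address
        spans.append((lo, hi))
    # Sort by IP version, then by start address, so overlaps sit next to each other
    spans.sort(key=lambda s: (s[0].version, s[0]))
    merged = []
    for lo, hi in spans:
        prev = merged[-1] if merged else None
        if prev and prev[0].version == lo.version and int(lo) <= int(prev[1]) + 1:
            # Overlapping or directly adjacent: extend the previous span
            if hi > prev[1]:
                merged[-1] = (prev[0], hi)
        else:
            merged.append((lo, hi))
    return [(str(lo), str(hi)) for lo, hi in merged]

def matches(ip, ranges):
    """Return True if ip lies inside any (begin, end) pair."""
    addr = ipaddress.ip_address(ip)
    for lo, hi in ranges:
        lo, hi = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        if lo.version == addr.version and lo <= addr <= hi:
            return True
    return False

# Constructed sample list (documentation address space), not real indicators
SAMPLE = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.7",
          "192.0.2.10-192.0.2.20", "192.0.2.15-192.0.2.40"]

if __name__ == "__main__":
    for begin, end in to_ranges(SAMPLE):
        print(f"begin={begin}  end={end}")
```

Merging first keeps the number of entries to add in the Context tab small and avoids overlapping ranges.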
