Threat Protection

Threat protection policies track suspicious user behavior. For example, if a user fails to enter his or her password correctly multiple times in a row and you have the Excessive Login Failures policy active, FortiCASB will send you an alert.

Threat protection policies

Access

Excessive Login Failures: Triggers an alert when the number of failed logins for a user exceeds a set threshold.
Password Change: Triggers an alert when passwords are changed.
Suspicious Movement: Triggers an alert when a change in a user's geographic location exceeds threshold parameters.
Unapproved Login Location: Triggers an alert when a user logs in from an unapproved geographic location.

Suspicious Activity

Restricted User: Triggers an alert when a monitored user performs select activities.
Suspicious IP: Triggers an alert when there is activity from a suspicious IP.
Suspicious Time: Triggers an alert when there is activity outside of work hours.
Suspicious Location: Triggers an alert when there is activity from suspicious locations.

Sensitive Activity

Sensitive Event: Triggers an alert when a sensitive event occurs.
Sensitive File: Triggers an alert when a specified sensitive file is accessed.
Ransomware Behavior Detection: Triggers an alert when the file(s) in a directory have been replaced.

Abnormal Traffic

Large File Upload: Triggers an alert when a file upload exceeds a size threshold.
