Fortinet black logo

Online Help

Home FortiCASB 24.1.b Online Help
24.1.b
24.1.b
24.1.a
23.4.a
23.3.a
23.2.b
23.2.a
23.1.0
22.4.0
21.4.0
21.2.0
21.1.0
20.4.1
20.4.0
20.3.0
20.2.0
20.1.0
4.2.0
4.1.0
2.1.0

Suspicious Label Activity (Google Workspace Only)

Suspicious Label Activity (Google Workspace Only)

Description

Suspicious Label Activity alerts when targeted Google Drive label activities exceed threshold for specific labels.

Policy Configuration

Follow the steps below to enable and configure the policy

  1. Go to Google Workspace > Policy > Threat Protection.
  2. Locate Suspicious Label Activity and click on the right arrow key > button to expand the policy.
  3. Click On in Enabled to enable the policy.

  4. Click on Severity level drop down menu to select the severity level (Critical, Alert, Warning, Information).
  5. Click Event drop down menu and select the event(s) that would trigger the alert.
    1. Attach label to file - alert will trigger if a new label is attach to the file.
    2. Remove label from file - alert will trigger if an existing label is removed from the file.
    3. Edit label from file - alert will trigger if an existing label is modified.
  6. In Specify Label, click Label Type drop down menu to select a label Type, and fill in appropriate fills.
    1. Standard Labels have Label Name, Label Field (optional), and Label Values (optional).
    2. Badged Labels only have Label Name and Label Value (optional)

  7. Click to select Threshold (Number of Activities) needed to trigger the alert.

  8. In Interval, select number of minutes between each activity to trigger an alert.
  9. Click On turn on Email Notification and enter the email address to receive notification alert.
  10. Click Saves Changes to finish.

Previous
Next

Suspicious Label Activity (Google Workspace Only)

Description

Suspicious Label Activity alerts when targeted Google Drive label activities exceed threshold for specific labels.

Policy Configuration

Follow the steps below to enable and configure the policy

  1. Go to Google Workspace > Policy > Threat Protection.
  2. Locate Suspicious Label Activity and click on the right arrow key > button to expand the policy.
  3. Click On in Enabled to enable the policy.

  4. Click on Severity level drop down menu to select the severity level (Critical, Alert, Warning, Information).
  5. Click Event drop down menu and select the event(s) that would trigger the alert.
    1. Attach label to file - alert will trigger if a new label is attach to the file.
    2. Remove label from file - alert will trigger if an existing label is removed from the file.
    3. Edit label from file - alert will trigger if an existing label is modified.
  6. In Specify Label, click Label Type drop down menu to select a label Type, and fill in appropriate fills.
    1. Standard Labels have Label Name, Label Field (optional), and Label Values (optional).
    2. Badged Labels only have Label Name and Label Value (optional)

  7. Click to select Threshold (Number of Activities) needed to trigger the alert.

  8. In Interval, select number of minutes between each activity to trigger an alert.
  9. Click On turn on Email Notification and enter the email address to receive notification alert.
  10. Click Saves Changes to finish.

Previous
Next