Suspicious IP

Description

The Suspicious IP policy monitors cloud account activity performed from targeted IP addresses. An alert is sent whenever a targeted IP performs any activity.

Policy Configuration

Follow the steps below to enable and configure the policy:

  1. Click any Cloud Account drop-down menu on the FortiCASB dashboard, e.g. Salesforce, Office365, etc.
  2. Click the Policy drop-down menu and select Threat Protection.
  3. Locate Suspicious IP and click the right arrow (>) button to expand the policy.
  4. Click On in Enabled to enable the policy.
  5. Click the Severity level drop-down menu to select the severity level (Critical, Alert, Warning, Information).
  6. In the Suspicious IP section, click to enter the beginning and ending IP range, and click + to add. Repeat this step to enter more IP ranges.
  7. Click Save Changes to update the configuration.

After the policy is enabled and configured, an alert is triggered on the alert page whenever a targeted IP performs any activity. For more details, please refer to Alert.
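The following is an added example, not FortiCASB code: an offline Python check for a list of beginning/ending IP ranges before they are entered in step 6, plus a dry run showing which activity records would match. Inclusive range bounds, the event field names, and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

def parse_range(begin: str, end: str):
    """Validate one beginning/ending pair; reject reversed or mixed-family ranges."""
    lo, hi = ipaddress.ip_address(begin), ipaddress.ip_address(end)
    if lo.version != hi.version:
        raise ValueError(f"mixed IPv4/IPv6 range: {begin} - {end}")
    if lo > hi:
        raise ValueError(f"beginning address is above ending address: {begin} - {end}")
    return lo, hi

def merge_ranges(ranges):
    """Sort ranges and merge overlapping or adjacent ones so no entry is redundant."""
    merged = []
    for lo, hi in sorted(ranges, key=lambda r: (r[0].version, int(r[0]))):
        if merged and merged[-1][0].version == lo.version and int(lo) <= int(merged[-1][1]) + 1:
            prev_lo, prev_hi = merged[-1]
            merged[-1] = (prev_lo, max(prev_hi, hi))
        else:
            merged.append((lo, hi))
    return merged

def matching_events(events, ranges):
    """Return events whose source IP falls inside any range (bounds assumed inclusive)."""
    hits = []
    for event in events:
        ip = ipaddress.ip_address(event["source_ip"])
        if any(lo.version == ip.version and lo <= ip <= hi for lo, hi in ranges):
            hits.append(event)
    return hits

# Constructed sample data (documentation address space, not real indicators).
RANGES = merge_ranges([
    parse_range("203.0.113.10", "203.0.113.50"),
    parse_range("203.0.113.40", "203.0.113.80"),   # overlaps the first entry
    parse_range("198.51.100.0", "198.51.100.255"),
])
EVENTS = [  # hypothetical activity records; field names are assumptions
    {"user": "alice", "action": "login", "source_ip": "203.0.113.77"},
    {"user": "bob", "action": "file_download", "source_ip": "192.0.2.15"},
    {"user": "carol", "action": "share_link", "source_ip": "198.51.100.0"},
    {"user": "dave", "action": "login", "source_ip": "2001:db8::1"},
]

if __name__ == "__main__":
    for e in matching_events(EVENTS, RANGES):
        print(f"would alert: {e['user']} {e['action']} from {e['source_ip']}")
```

Running the same check over exported activity logs before enabling the policy gives an estimate of how many alerts a given range list would produce.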
