Fortinet black logo

Online Help

Suspicious Location

Copy Link
Copy Doc ID df548089-ec91-11ee-8c42-fa163e15d75b:715070

Suspicious Location

Description

Suspicious Location policy monitors for cloud account activities not shown on location allow list.

Policy Configuration

Follow the steps below to enable and configure the policy

  1. Click on any Cloud Account drop down menu from FortiCASB dashboard, e.g. Salesforce, Office365, etc.
  2. Click on Policy drop down menu and select Threat Protection.
  3. Locate Suspicious Location and click on the right arrow key > button to expand the policy.
  4. Click On in Enabled to enable the policy.
  5. Click on Severity level drop down menu to select the severity level (Critical, Alert, Warning, Information).
  6. In Location Allow List, click Select Country drop down menu to select a country to be added to the location Allow list. Click Add to finish adding the location. Repeat the same process to add more location.
  7. Click Save Changes to update the configuration.

After the policy is enabled and configured, whenever there is any cloud account activity outside of the allow list locations, an alert will be triggered in the alert page. For more details, please refer to Alert.

Suspicious Location

Description

Suspicious Location policy monitors for cloud account activities not shown on location allow list.

Policy Configuration

Follow the steps below to enable and configure the policy

  1. Click on any Cloud Account drop down menu from FortiCASB dashboard, e.g. Salesforce, Office365, etc.
  2. Click on Policy drop down menu and select Threat Protection.
  3. Locate Suspicious Location and click on the right arrow key > button to expand the policy.
  4. Click On in Enabled to enable the policy.
  5. Click on Severity level drop down menu to select the severity level (Critical, Alert, Warning, Information).
  6. In Location Allow List, click Select Country drop down menu to select a country to be added to the location Allow list. Click Add to finish adding the location. Repeat the same process to add more location.
  7. Click Save Changes to update the configuration.

After the policy is enabled and configured, whenever there is any cloud account activity outside of the allow list locations, an alert will be triggered in the alert page. For more details, please refer to Alert.