Fortinet black logo

Online Help

Home FortiCASB 24.1.b Online Help

Excessive Login Failures

24.1.b
24.1.b
24.1.a
23.4.a
23.3.a
23.2.b
23.2.a
23.1.0
22.4.0
21.4.0
21.2.0
21.1.0
20.4.1
20.4.0
20.3.0
20.2.0
20.1.0
4.2.0
4.1.0
2.1.0
Copy Link
Copy Doc ID df548089-ec91-11ee-8c42-fa163e15d75b:991959

Excessive Login Failures

Description

Excessive Login Failures monitors for excessive login attempts of unidentified user in a time interval. Administrators are able to customize the threshold of number of failed login attempts and the time interval (minutes) before an alert is generated.

Policy Configuration

Follow the steps below to enable and configure the policy

  1. Click on any Cloud Account drop down menu from FortiCASB dashboard, e.g. Salesforce, Office365, etc.
  2. Click on Policy drop down menu and select Threat Protection.
  3. Locate Excessive Login Failures and click on the right arrow key > button to expand the policy.
  4. Click On in Enabled to enable the policy.

  5. Click on Severity level drop down menu to select the severity level (Critical, Alert, Warning, Information).
  6. In Login Attempts, enter the threshold of the number of failed login attempts before an alert is generated.
  7. In Interval (minute), enter the time interval of the first failed login attempt of the same user.
  8. Click Save Changes to save and update the configuration.

After the policy is enabled and configured, whenever an unidentified user exceeded the login attempts threshold within in the given time interval, an alert will be triggered in the alert page. For more details, please refer to Alert.

Previous
Next

Excessive Login Failures

Description

Excessive Login Failures monitors for excessive login attempts of unidentified user in a time interval. Administrators are able to customize the threshold of number of failed login attempts and the time interval (minutes) before an alert is generated.

Policy Configuration

Follow the steps below to enable and configure the policy

  1. Click on any Cloud Account drop down menu from FortiCASB dashboard, e.g. Salesforce, Office365, etc.
  2. Click on Policy drop down menu and select Threat Protection.
  3. Locate Excessive Login Failures and click on the right arrow key > button to expand the policy.
  4. Click On in Enabled to enable the policy.

  5. Click on Severity level drop down menu to select the severity level (Critical, Alert, Warning, Information).
  6. In Login Attempts, enter the threshold of the number of failed login attempts before an alert is generated.
  7. In Interval (minute), enter the time interval of the first failed login attempt of the same user.
  8. Click Save Changes to save and update the configuration.

After the policy is enabled and configured, whenever an unidentified user exceeded the login attempts threshold within in the given time interval, an alert will be triggered in the alert page. For more details, please refer to Alert.

Previous
Next