Sensitive Event
Description
The Sensitive Event policy monitors specific cloud account activities and triggers alerts.
Policy Configuration
Follow the steps below to enable and configure the policy:
- Click any Cloud Account drop-down menu on the FortiCASB dashboard, e.g. Salesforce, Office365, etc.
- Click the Policy drop-down menu and select Threat Protection.
- Locate Sensitive Event and click the right arrow (>) button to expand the policy.
- Click On in Enabled to enable the policy.
- Click the Severity level drop-down menu to select the severity level (Critical, Alert, Warning, Information).
- In the Event section, select Specific events, then click the drop-down field under it to select the specific event(s). To select all events instead, click Select all events.
- In Threshold (Times), enter the maximum number of times the event or activity can be performed by the same user before an alert is triggered.
- In Interval (Minutes), specify the time period over which the user's targeted activities are counted before an alert is triggered.
- Click Save Changes to update the configuration.
A typical use of the policy: downloading or uploading multiple files within a given amount of time triggers an alert.
After the policy is enabled and configured, whenever the specific activity is conducted repeatedly by the same user in a given time frame, an alert will be triggered in the alert page. For more details, please refer to Alert.
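To reason about how Threshold (Times) and Interval (Minutes) interact before choosing values, the following added example (not FortiCASB code) replays a constructed activity log through a per-user sliding-window counter. It assumes an alert fires when the same user performs the same selected event more than Threshold times within Interval minutes; the event names, users and the function `detect_sensitive_events` are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events: (ISO timestamp, user, event name).
# Event names are illustrative, not FortiCASB identifiers.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "alice@example.com", "FileDownload"),
    ("2024-05-01T09:01:00", "alice@example.com", "FileDownload"),
    ("2024-05-01T09:02:00", "bob@example.com", "FileDownload"),
    ("2024-05-01T09:03:00", "alice@example.com", "FileDownload"),
    ("2024-05-01T09:04:00", "alice@example.com", "FileDownload"),
    ("2024-05-01T09:30:00", "bob@example.com", "FileDownload"),
    ("2024-05-01T09:31:00", "bob@example.com", "FileUpload"),
    ("2024-05-01T09:50:00", "alice@example.com", "FileDownload"),
]


def detect_sensitive_events(events, watched, threshold, interval_minutes):
    """Return a list of (timestamp, user, event, count) alerts.

    Assumed semantics: an alert fires when the same user performs the same
    watched event more than `threshold` times within `interval_minutes`.
    """
    window = timedelta(minutes=interval_minutes)
    recent = defaultdict(deque)  # (user, event) -> timestamps still in window
    alerts = []
    for ts_text, user, event in sorted(events):
        if event not in watched:
            continue  # only the events selected in the policy are counted
        ts = datetime.fromisoformat(ts_text)
        seen = recent[(user, event)]
        seen.append(ts)
        # Drop occurrences that have aged out of the sliding window.
        while ts - seen[0] > window:
            seen.popleft()
        if len(seen) > threshold:
            alerts.append((ts_text, user, event, len(seen)))
            seen.clear()  # restart counting so one burst yields one alert
    return alerts


if __name__ == "__main__":
    for alert in detect_sensitive_events(SAMPLE_EVENTS, {"FileDownload"}, 3, 10):
        print(alert)
```

Replaying a sample of real activity with candidate values shows how many alerts a setting would have produced, which helps avoid thresholds that are either noisy or never reached.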