Sensitive Event

Description

The Sensitive Event policy monitors specific cloud account activities and triggers alerts.

Policy Configuration

Follow the steps below to enable and configure the policy:

  1. Click any Cloud Account drop-down menu on the FortiCASB dashboard, e.g. Salesforce, Office365, etc.
  2. Click the Policy drop-down menu and select Threat Protection.
  3. Locate Sensitive Event and click the right arrow (>) button to expand the policy.
  4. Click On in Enabled to enable the policy.
  5. Click the Severity level drop-down menu to select the severity level (Critical, Alert, Warning, Information).
  6. In the Event section, click Specific events, then click the drop-down field under it to select the specific event(s). To select all events instead, click Select all events.
  7. In Threshold (Times), enter the maximum number of times the event or activity can be performed by the same user before an alert is triggered.
  8. In Interval (Minutes), specify the amount of time over which the user conducts the targeted activities before an alert is triggered.
  9. Click Save Changes to update the configuration.

A typical use of this policy: downloading or uploading multiple files in a given amount of time triggers an alert.

After the policy is enabled and configured, whenever the specific activity is conducted repeatedly by the same user within the given time frame, an alert is triggered on the alert page. For more details, please refer to Alert.
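To see how Threshold (Times) and Interval (Minutes) interact when tuning the policy, the following added example (not FortiCASB code) models the rule as a per-user sliding window over constructed activity records. It assumes an alert fires when a user's count for one event exceeds the threshold inside the interval; the event names and the function name are hypothetical.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sensitive_event_alerts(events, watched, threshold, interval_minutes):
    """Return (user, event, time) each time a user exceeds `threshold`
    occurrences of a watched event within `interval_minutes`.
    watched=None models "Select all events". Assumed semantics, not FortiCASB's."""
    window = timedelta(minutes=interval_minutes)
    recent = defaultdict(deque)  # (user, event) -> timestamps still in the window
    alerts = []
    for ts, user, event in sorted(events):
        if watched is not None and event not in watched:
            continue
        q = recent[(user, event)]
        q.append(ts)
        while ts - q[0] >= window:  # forget activity older than the interval
            q.popleft()
        if len(q) > threshold:
            alerts.append((user, event, ts))
            q.clear()  # restart the count so one burst raises one alert
    return alerts

# Constructed sample activity: (timestamp, user, event). Event names are made up.
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_EVENTS = [
    (T0, "alice", "Login"),
    # alice: four downloads within three minutes (a burst)
    *[(T0 + timedelta(minutes=m), "alice", "FileDownload") for m in range(4)],
    # bob: four downloads spread over an hour (normal use)
    *[(T0 + timedelta(minutes=m), "bob", "FileDownload") for m in (0, 20, 40, 60)],
]

if __name__ == "__main__":
    # Threshold 3, Interval 10: only alice's burst is reported.
    for user, event, ts in sensitive_event_alerts(
            SAMPLE_EVENTS, {"FileDownload"}, threshold=3, interval_minutes=10):
        print(f"ALERT {ts:%H:%M} {user} exceeded threshold for {event}")
```

A low threshold with a long interval flags ordinary use such as bob's, while a high threshold with a short interval misses slow, steady activity, so both values should be set against the normal rate for the selected events.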
