Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.1.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Alerts Reference

    Home FortiCNAPP Alerts Reference

    Threat intel alerts

    Threat intel alerts

    Lacework FortiCNAPP generates threat intel alerts when it detects inbound/outbound connections with known bad external hosts.

    These alerts provide advanced warning of potential threats based on the latest intelligence and threat analysis with the following features:

    • The alerts are raised within 15 minutes of the potential threat being detected, giving you more time to take action and protect your organization's assets.

    • Evolving Alerts - This feature allows you to receive a single, consolidated alert that will automatically update and evolve over one hour, reducing the noise of repetitive alerts. This approach will give you all the information you need to triage and investigate alerts while minimizing distractions and interruptions. See for more information.

    • The alerts use aggregation keys that allow the grouping of similar alerts into one consolidated alert with all the latest information about the threat, reducing the number of notifications you receive.

    The following table lists all of the Threat Intel alerts.

    Alert Name Alert Type Connection

    Inbound connection from a bad external IP Address

    ExternalClientBadIpConn

    IP -> Machine

    Outbound connection to a bad external IP Address

    ExternalServerBadIPConn

    IP -> Machine

    Outbound connection to a bad external URL

    ExternalServerBadDNSConn

    IP -> Machine
    Note

    Suppression of threat intelligence alerts is currently unavailable.
    Previous
    Next

    Threat intel alerts

    Threat intel alerts

    Lacework FortiCNAPP generates threat intel alerts when it detects inbound/outbound connections with known bad external hosts.

    These alerts provide advanced warning of potential threats based on the latest intelligence and threat analysis with the following features:

    • The alerts are raised within 15 minutes of the potential threat being detected, giving you more time to take action and protect your organization's assets.

    • Evolving Alerts - This feature allows you to receive a single, consolidated alert that will automatically update and evolve over one hour, reducing the noise of repetitive alerts. This approach will give you all the information you need to triage and investigate alerts while minimizing distractions and interruptions. See for more information.

    • The alerts use aggregation keys that allow the grouping of similar alerts into one consolidated alert with all the latest information about the threat, reducing the number of notifications you receive.

    The following table lists all of the Threat Intel alerts.

    Alert Name Alert Type Connection

    Inbound connection from a bad external IP Address

    ExternalClientBadIpConn

    IP -> Machine

    Outbound connection to a bad external IP Address

    ExternalServerBadIPConn

    IP -> Machine

    Outbound connection to a bad external URL

    ExternalServerBadDNSConn

    IP -> Machine
    Note

    Suppression of threat intelligence alerts is currently unavailable.
    Previous
    Next