Threat Protection Example - Suspicious Movement

Description

The Suspicious Movement policy creates a finding when the change in a user's geographic location exceeds a preconfigured threshold.

Configuration Steps

  1. Go to Policy > Threat Protection > Suspicious Movement.
  2. Click the right arrow (>) next to the policy to display its configuration settings.
  3. Click the Enabled toggle button to enable the policy.
  4. Click the Applied To field to select the target cloud account(s).
  5. In the Velocity Settings field, enter a velocity greater than the maximum speed in international travel, e.g. commercial flight speed. The purpose is to monitor for an unidentified login from another country.
  6. In the Distance Tolerance field, enter the maximum distance a user can travel in the vicinity before the user's velocity is checked. The purpose is to monitor for an unidentified login from another region within the country.
  7. Click Save Changes.
  8. (Optional) Click +Add Another to monitor Suspicious Movement on a different cloud account.

To set up an allow list for the Suspicious Movement policy, refer to Allowlist Configuration.
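
How the two settings in steps 5 and 6 interact can be seen in the following added example, which is an illustration and not the product's own code: a login pair is ignored when it falls within the distance tolerance, and otherwise raises a finding when the implied speed exceeds the velocity setting. The units (km, km/h), the comparison of consecutive logins per user, and all names and sample events are assumptions made for the example.

```python
# Added illustration: distance tolerance first, then velocity threshold.
# Not the product's implementation; units (km, km/h) and names are assumed.
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

@dataclass
class Login:
    user: str
    when: datetime
    lat: float
    lon: float

def haversine_km(a, b):
    """Great-circle distance between two logins, in kilometres."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def suspicious_movements(logins, velocity_kmh, tolerance_km):
    """Return (prev, cur, km, km/h) for consecutive per-user logins exceeding both settings."""
    findings, last = [], {}
    for cur in sorted(logins, key=lambda l: l.when):
        prev = last.get(cur.user)
        last[cur.user] = cur
        if prev is None:
            continue
        km = haversine_km(prev, cur)
        if km <= tolerance_km:
            continue  # within the vicinity: velocity is not checked
        hours = (cur.when - prev.when).total_seconds() / 3600
        speed = float("inf") if hours == 0 else km / hours
        if speed > velocity_kmh:
            findings.append((prev, cur, round(km), speed))
    return findings

# Constructed sample events (coordinates are approximate city centres).
SAMPLE = [
    Login("alice", datetime(2024, 1, 1, 9, 0), 37.77, -122.42),   # San Francisco
    Login("alice", datetime(2024, 1, 1, 9, 2), 37.34, -121.89),   # San Jose, 2 min later
    Login("alice", datetime(2024, 1, 1, 10, 30), 51.51, -0.13),   # London, ~1.5 h later
    Login("bob", datetime(2024, 1, 1, 8, 0), 40.71, -74.01),      # New York
    Login("bob", datetime(2024, 1, 1, 20, 0), 48.86, 2.35),       # Paris, 12 h later
]

if __name__ == "__main__":
    for prev, cur, km, speed in suspicious_movements(SAMPLE, velocity_kmh=1000, tolerance_km=100):
        print(f"{cur.user}: {km} km in {cur.when - prev.when} ({speed:.0f} km/h)")
```

With a tolerance of 100 km, the San Francisco to San Jose pair is skipped even though its implied speed is high, which is the geolocation jitter the tolerance is meant to absorb; setting the velocity below flight speed would also flag the ordinary New York to Paris trip.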
