Activity
FortiCWP monitors and tracks user activities on the cloud platforms. When a user activity violates a policy enabled by the administrator, one or more alerts are triggered.
The Activity page contains a map displaying the approximate geolocation of events, and an activities list.
Activity Map options
- Activity—Click on an activity indicator on the map to bring up an activity notification from that specific location.
- Move—Move the map by clicking a point and dragging your mouse.
- Zoom—Use the buttons on the bottom-right corner of the map to zoom in and out.
- Refresh—Click the Refresh button to refresh the map.
- Clear—Click the Clear button to clear the map of activity indicators.
- Filter—Filter activities by account type, users, event, and IP.
Activity Filter Example
- Click the activity filter drop-down menu.
- Choose the Event Type: "Login", then choose the cloud account type: "AWS".
- Click SUBMIT to apply the selected parameters. The results display only the AWS login activities.
Activity Alert Correlation
One activity may trigger multiple alerts, each triggered by a different policy.
For example, the AWS event "Login Success" triggered 3 alerts. Click the alert button to see the Alert Overview.
The Alert Overview page shows that this activity has triggered 3 different policies:
Threat Protection - Excessive Event, Compliance - HIPAA - Logins, and Threat Protection: Suspicious Time.
Daily cloud account activities are compiled into Activity reports for export. See Activity Report.