Threat Protection Policy

Threat protection policies track suspicious user behavior. For example, if a user fails to enter his or her password correctly multiple times in a row and you have the Excessive Login Failures policy active, FortiCWP will send you an alert. To access Threat Protection policies, go to Policy > Threat Protection from the navigation pane.

List of Threat Protection Policies

Access

| Policy Name | Description |
| --- | --- |
| Excessive Login Failures | Triggers an alert when the number of failed logins for a user exceeds a set threshold. |
| Password Change | Triggers an alert when passwords are changed. |
| Suspicious Movement | Triggers an alert when a change in a user's geographic location exceeds threshold parameters. |

Suspicious Activity

| Policy Name | Description |
| --- | --- |
| Restricted User Activity | Triggers an alert when a monitored user performs select activities. |
| Suspicious Time | Triggers an alert when there is activity outside of work hours. |
| Suspicious Location | Triggers an alert when there is activity from suspicious locations. |

Sensitive Activity

| Policy Name | Description |
| --- | --- |
| Excessive Event | Triggers an alert when occurrences of a selected event exceed the threshold. |
| Ransomware Behavior Detection | Triggers an alert when the directory's file(s) have been replaced. |
