Activity
FortiCWP monitors and tracks user activities on the cloud platforms. When certain user activity violates policy enabled by the administrator, alert(s) will be triggered.
The Activity page contains a map displaying (approximate) Geolocation of events and activities list.
Activity Map options
- Activity—Click on an activity indicator on the map to bring up an activity notification from that specific location.
- Move—Move the map by clicking a point and dragging your mouse.
- Zoom—Use the buttons on the bottom-right corner of the map to zoom in and out.
- Refresh—Click the Refresh button to refresh the map.
- Clear—Click the Clear button to clear the map of activity indicators.
- Filter—Customize filtering through account type, users, event, and IP.
Activity Filter Example
- Click on activity filter drop down menu.
- Choose the Activity > Login, then choose the cloud account type: "AWS".
- Click Search to filter through the parameters selected. The result will display only the AWS login activities in last 24 hours.
Activity Alert Correlation
One activity may trigger multiple alerts, the multiple alerts are triggered by different policies.
From the above example, the AWS event "Login Success" triggered 5 alerts, click on the alert button to see the alerts.
The alerts shows that this activity has triggered 5 different policies:
Daily cloud account activities will be compiled into Activity reports for export, please see Activity Report. |