Policy Configuration Examples

Threat Protection - Suspicious Time

Threat Protection - Suspicious Movement

SOX/COBIT - Access to Sensitive Data

Threat Protection - Suspicious Time

  1. Go to Policy > Threat Protection > Suspicious Time.
  2. Click the right arrow (>) next to the policy to display its configuration settings.
  3. Click the Enabled toggle button to enable the policy.
  4. Click the Applied To field to select the target cloud account.
  5. In the Event field, choose Specify events to select the event(s) to associate with the policy, or choose Select all events.
  6. In the Suspicious Time field, select the day of the week and the start and end times during which the policy monitors the event. (You may repeat this step to add more times.)
  7. Click Save Changes.
  8. Click +Add Another to monitor Suspicious Time on a different cloud account (optional).

Threat Protection - Suspicious Movement

  1. Go to Policy > Threat Protection > Suspicious Movement.
  2. Click the right arrow (>) next to the policy to display its configuration settings.
  3. Click the Enabled toggle button to enable the policy.
  4. Click the Applied To field to select the target cloud account(s).
  5. In the Velocity Settings field, enter a velocity greater than the maximum speed of international travel, e.g. commercial flight speed. The purpose is to monitor for an unidentified login from another country.
  6. In the Distance Tolerance field, enter the maximum distance a user may travel in the vicinity before the user's velocity is checked. The purpose is to monitor for an unidentified login from another region within the country.
  7. Click Save Changes.
  8. Click +Add Another to monitor Suspicious Movement on a different cloud account (optional).
To set up an allow list for the Suspicious Movement policy, refer to Allow List.
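
How the Velocity Settings and Distance Tolerance values interact can be sketched in Python. This is an added example, not FortiCASB code: the record fields, the thresholds (1000 km/h, 100 km) and the constructed login records are assumptions, and the rule shown (check velocity only once the distance exceeds the tolerance) is one reading of steps 5 and 6.

```python
import math
from datetime import datetime

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def suspicious_movements(logins, velocity_kmh, tolerance_km):
    """Flag consecutive logins by one user that are farther apart than
    tolerance_km AND imply a travel speed above velocity_kmh."""
    alerts, last = [], {}
    for ev in sorted(logins, key=lambda e: e["time"]):
        prev = last.get(ev["user"])
        last[ev["user"]] = ev
        if prev is None:
            continue  # first login seen for this user
        dist = haversine_km(prev["pos"], ev["pos"])
        if dist <= tolerance_km:
            continue  # movement in the vicinity: velocity is not checked
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        speed = math.inf if hours == 0 else dist / hours
        if speed > velocity_kmh:
            alerts.append({"user": ev["user"], "from": prev["city"],
                           "to": ev["city"], "km": round(dist), "kmh": speed})
    return alerts

def t(s):
    """Parse a timestamp; all sample times are treated as UTC."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample logins (hypothetical users, public city coordinates).
LOGINS = [
    {"user": "alice", "city": "New York", "pos": (40.7128, -74.0060), "time": t("2024-03-04 09:00")},
    {"user": "alice", "city": "London", "pos": (51.5074, -0.1278), "time": t("2024-03-04 10:00")},
    {"user": "bob", "city": "San Francisco", "pos": (37.7749, -122.4194), "time": t("2024-03-04 09:00")},
    {"user": "bob", "city": "San Jose", "pos": (37.3382, -121.8863), "time": t("2024-03-04 09:02")},
    {"user": "carol", "city": "Paris", "pos": (48.8566, 2.3522), "time": t("2024-03-04 08:00")},
    {"user": "carol", "city": "Tokyo", "pos": (35.6762, 139.6503), "time": t("2024-03-05 08:00")},
]

if __name__ == "__main__":
    for alert in suspicious_movements(LOGINS, velocity_kmh=1000, tolerance_km=100):
        print(alert)
```

With these settings only alice's New York to London pair is flagged. Setting the tolerance to 0 also flags bob's two nearby logins, which is the noise the Distance Tolerance field exists to suppress.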

SOX/COBIT - Access to Sensitive Data

  1. Go to Policy > Compliance > SOX/COBIT.
  2. Click the right arrow (>) next to the policy to display its configuration settings.
  3. Click Context.
  4. Click the Enabled toggle button to enable the policy.
  5. Click the Applied To field to select the targeted cloud account.
  6. Click the Compliance Collection field to select the compliance collection that this policy should monitor against. To select the data pattern associated with the compliance collection, refer to Predefined Compliance Collection.
  7. Click Save Changes.
To set up notifications to receive policy-triggered alerts, refer to .
