Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Administration Guide

    Home FortiDLP FortiDLP Administration Guide

    Publishing incident sequence rules

    Publishing incident sequence rules

    After you configure a sequence rule, you must publish it to make it effective for applicable entities.

    You can publish a sequence rule immediately. Alternatively, if you need more time to review your rule before pushing it to entities, you can save a draft and publish the rule later.

    The instructions for publishing a sequence rule immediately are described in Creating incident sequence rules. To publish a draft sequence rule, follow these steps.

    How to publish an incident sequence rule draft
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Select the Sequence rules tab.
    3. Do one of the following:
      • To review/update the configuration prior to publishing the rule:
        1. Click the rule you want to publish.
        2. Edit the rule as needed, referring to Editing incident sequence rules and Creating incident sequence rules for instructions.
        3. Verify the Enabled toggle is turned on for all the policies you want to include in the rule stages.
        4. Verify the Operation mode toggle is set to Enabled for the rule.
          5. Note

          A rule is effective when it is enabled and published.

        5. Click Publish rule.
        6. In the Publish incident rule dialog box, click Publish.
      • To publish the rule without reviewing/updating the configuration:
        1. On the right-hand side of the row for the relevant rule, click Publish.
        2. In the Publish incident rule dialog box, click Publish.
    Previous
    Next

    Publishing incident sequence rules

    Publishing incident sequence rules

    After you configure a sequence rule, you must publish it to make it effective for applicable entities.

    You can publish a sequence rule immediately. Alternatively, if you need more time to review your rule before pushing it to entities, you can save a draft and publish the rule later.

    The instructions for publishing a sequence rule immediately are described in Creating incident sequence rules. To publish a draft sequence rule, follow these steps.

    How to publish an incident sequence rule draft
    1. In the FortiDLP Console, on the left-hand sidebar, click .
    2. Select the Sequence rules tab.
    3. Do one of the following:
      • To review/update the configuration prior to publishing the rule:
        1. Click the rule you want to publish.
        2. Edit the rule as needed, referring to Editing incident sequence rules and Creating incident sequence rules for instructions.
        3. Verify the Enabled toggle is turned on for all the policies you want to include in the rule stages.
        4. Verify the Operation mode toggle is set to Enabled for the rule.
          5. Note

          A rule is effective when it is enabled and published.

        5. Click Publish rule.
        6. In the Publish incident rule dialog box, click Publish.
      • To publish the rule without reviewing/updating the configuration:
        1. On the right-hand side of the row for the relevant rule, click Publish.
        2. In the Publish incident rule dialog box, click Publish.
    Previous
    Next