Administration Guide

Policy Rules

For each communication policy, FortiEDR provides four rules out of the box. These rules can be modified to specify the connections to be blocked/unblocked according to several parameters. FortiEDR provides the following communication policy rules:

Policy Rule | Description
Default rule | This rule applies when none of the other three rules apply.
Reputation is less than or equal to X | This rule enables FortiEDR to block/unblock by reputation score.
Vendor is within X vendors | This rule enables FortiEDR to block/unblock by vendor. For this rule, you specify the vendor(s) to include and to exclude.
Vulnerability is greater than or equal to X | This rule enables FortiEDR to block/unblock by vulnerability.

In the rules, X represents a user-defined value.

For example, the figure below shows that the Servers Policy has the following rules defined for it:

  • Vendor is within 12 vendors. This rule is enabled for the policy. The action for this rule is Allow.
  • Default rule (if none of the rules apply). This rule is always enabled.

You can enable or disable a rule for a policy by clicking the Enabled/Disabled button in the State column of the applicable rule. This button toggles between Enabled/Disabled.

Editing a Policy Rule

The four rules for a policy can be modified, as needed.

To edit a rule:
  1. Click the Edit button for the rule of the policy that you want to modify. This switches the view to the APPLICATIONS page, enabling you to review the applications affected by this rule before saving it. The following displays:

  2. In the Select Filter dropdown list, select the parameter whose value you want to set in the rule. This dropdown list lists the parameters available to configure for the rule.

  3. In the rightmost Select Criteria dropdown list, select the value for the parameter. This dropdown list lists the values available to configure for the parameter specified in step 2.

    Note – When modifying the Vendor is within X vendors rule, you specify the vendor(s) to include and those to exclude for the rule.

  4. Click the Setup rule link.

  5. In the Under dropdown list, select the policy to which this rule applies.

  6. In the Then field, specify whether to Allow or Deny the application based on this rule.

    The application list now shows the number of application(s) affected by the rule change.

  7. Click the Save and Enable button to save and enable the changes to the rule. A confirmation window displays, confirming the rule change.

  8. Click OK.
