Administration Guide

Assigning a security policy to a Collector Group

By default, a security policy protects the FortiEDR Collectors that belong to the Collector Group to which it is assigned. A security policy can be assigned to more than one Collector Group, and multiple security policies can be assigned to each Collector Group.

Note

It is not recommended to assign multiple security policies that have the same or overlapping rules to a Collector Group, as this means that the same security events will be triggered in response to both policies, producing duplicated events.

Refer to Defining a new Collector Group for a description of how to define a new Collector Group in the INVENTORY tab.

  1. In the SECURITY POLICIES page, select the name of the security policy to be assigned by clicking its checkbox.

  2. The right side of the window displays the Collector Groups to which this policy is assigned.

    Click the Assign Collector Group toolbar button, which displays the following window in which you can select the Collector Groups to which to assign this policy.

Note

The ASSIGNED COLLECTORS GROUPS area lists all the Collector Groups that have been assigned a security policy to protect them. You can also simply drag-and-drop a Collector Group from this list onto a policy in the left pane of this window to assign the Collector Group to be protected by that policy.

Deleting a security policy

Select the policy’s checkbox and then click the Delete button.

Note

The Exfiltration Prevention, Ransomware Prevention, Device Control, Application Control, eXtended Detection, and Execution Prevention FortiEDR security policies provided out-of-the-box cannot be deleted.
