Fortinet white logo
Fortinet white logo

CLI Reference

ms365 profile bec

ms365 profile bec

Use this command to configure business email compromise (BEC) profile rules for the administrator account of the Microsoft 365 domain. To avoid false positives and false negatives, assign scores to adjust the weight allocated to each of the most common BEC attack types, such as cousin domains, suspicious characters, sender alignment, action keywords, and URL categories.

Once configured, BEC profiles are then used in antispam profiles.

Syntax

config profile bec

edit <name>

config rule

set comment <string>

edit <order-integer>

set action <datasource>

set action-keyword-score <float>

set cousin-domain-score <float>

set malformed-email-score <float>

set name <string>

set sender-alignment-score <float>

set status {enable | disable}

set suspicious-character-score <float>

set threshold <float>

set url-profile <datasource>

set url-profile-score <float>

next

end

end

Syntax

Variable

Description

Default

action <datasource> Enter an antispam action profile name for the rule.

action-keyword-score <float> Enter a weight-adjusted score for actions keywords.

10.000000

cousin-domain-score <float> Enter a weight-adjusted score for cousin domains.

10.000000

malformed-email-score <float>

Enter a weight-adjusted score for malformed emails.

Malformed emails are those emails that contain malformed data in the email structure, header, or body. For more information, see RFC 7103.

10.000000

name <string> Enter a name for the rule.

sender-alignment-score <float>

Enter a weight-adjusted score for sender alignment.

Sender alignment checks for a Header From and Envelope From domain mismatch.

10.000000

status {enable | disable}

Enable or disable the profile rule.

enable

suspicious-character-score <float>

Enter a weight-adjusted score for suspicious characters.

10.000000

threshold <float>

Define the threshold at which point actions are taken. This score is allocated to the other categories.

50.000000

url-profile <datasource>

Enter a URL profile to assign to the URL category (url-profile-score).

unrated

url-profile-score <float> Enter a weight-adjusted score for URL profiles that analyze any phishing URLs contained within emails.

10.000000

ms365 profile bec

ms365 profile bec

Use this command to configure business email compromise (BEC) profile rules for the administrator account of the Microsoft 365 domain. To avoid false positives and false negatives, assign scores to adjust the weight allocated to each of the most common BEC attack types, such as cousin domains, suspicious characters, sender alignment, action keywords, and URL categories.

Once configured, BEC profiles are then used in antispam profiles.

Syntax

config profile bec

edit <name>

config rule

set comment <string>

edit <order-integer>

set action <datasource>

set action-keyword-score <float>

set cousin-domain-score <float>

set malformed-email-score <float>

set name <string>

set sender-alignment-score <float>

set status {enable | disable}

set suspicious-character-score <float>

set threshold <float>

set url-profile <datasource>

set url-profile-score <float>

next

end

end

Syntax

Variable

Description

Default

action <datasource> Enter an antispam action profile name for the rule.

action-keyword-score <float> Enter a weight-adjusted score for actions keywords.

10.000000

cousin-domain-score <float> Enter a weight-adjusted score for cousin domains.

10.000000

malformed-email-score <float>

Enter a weight-adjusted score for malformed emails.

Malformed emails are those emails that contain malformed data in the email structure, header, or body. For more information, see RFC 7103.

10.000000

name <string> Enter a name for the rule.

sender-alignment-score <float>

Enter a weight-adjusted score for sender alignment.

Sender alignment checks for a Header From and Envelope From domain mismatch.

10.000000

status {enable | disable}

Enable or disable the profile rule.

enable

suspicious-character-score <float>

Enter a weight-adjusted score for suspicious characters.

10.000000

threshold <float>

Define the threshold at which point actions are taken. This score is allocated to the other categories.

50.000000

url-profile <datasource>

Enter a URL profile to assign to the URL category (url-profile-score).

unrated

url-profile-score <float> Enter a weight-adjusted score for URL profiles that analyze any phishing URLs contained within emails.

10.000000