Configuring a Credential Stuffing Defense Policy
Credential Stuffing Defense identifies login attempts using username and password that have been compromised using an always up-to-date feed of stolen credentials. Administrators can configure their supported devices to take various actions if a suspicious login is used including logging, alerts, and blocking.
To configure an Credential Stuffing Defense policy:
- Go to Web Application Firewall > Access Protection.
- Click the Credential Stuffing Defense tab.
- Click Create New to display the configuration editor.
- Complete the Credential Stuffing Defense configuration.
- Save the configuration.
|Name||Configuration name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. After you initially save the configuration, you cannot edit the name.|
|Status||Enable or disable this profile. Default is disable.|
Select the action profile that you want to apply. See Configuring WAF Action objects.
The default is Alert.
High—Log matches as high severity events.
Medium—Log matches as a medium severity events.
Low—Log matches as low severity events.
The default is Low, but we recommend you use High or Medium.
Note: FortiADC has no built-in Credential Stuffing Defense database. At least one FortiGuard update is required to install the database, otherwise this feature is ineffective. For details, see Configuring FortiGuard service settings.