Default Cloud Anomaly Policies

This topic lists the default cloud anomaly policies.

For more information about these alerts, see Cloud activity anomaly alerts in the FortiCNAPP Alerts Reference.

AWS Behavior Anomaly Policies

The following table specifies the default AWS behavior anomaly policies.

Policy ID	Alert Generated by Policy
LW_AWS_ACCNT_86	New access made
LW_AWS_API_97	Service Called API
LW_AWS_API_98	API Failed With Error
LW_AWS_ERR_92	New Error Code
LW_AWS_LOGIN_94	Login From New Source Location
LW_AWS_MODELSERVICE_155	Unexpected Change in AWS API Error Volume
LW_AWS_MODELSERVICE_156	Unexpected Change in AWS GPU Instance Launch Volume
LW_AWS_REGION_90	New Region
LW_AWS_REGION_91	New AWS API invoked
LW_AWS_REGION_95	User Accessing Region
LW_AWS_REGION_96	New AWS service accessed in region
LW_AWS_SERVICE_89	New Service
LW_AWS_USR_87	AWS User Logged in from New Source
LW_AWS_USR_88	User Calltype MFA

Azure Behavior Anomaly Policies

The following table specifies the default Azure behavior anomaly policies.

Policy ID	Alert Generated by Policy
LW_AZURE_API_142	New Azure API Call Accessed Resource
LW_AZURE_ERROR_140	New Azure API Failed
LW_AZURE_EVENT_141	New Azure Operation On Resource
LW_AZURE_SERVICE_138	New Azure Service
LW_AZURE_SUBSCRIPTION_137	New Azure Subscription

Google Cloud Behavior Anomaly Policies

The following table specifies the default Google Cloud behavior anomaly policies.

Policy ID	Alert Generated by Policy
LW_GCP_ACCNT_107	New GCP organization
LW_GCP_ERROR_118	GCP API failed with error
LW_GCP_LOGIN_108	New GCP source
LW_GCP_LOGIN_114	GCP user logged in from source
LW_GCP_REGION_111	New GCP region
LW_GCP_REGION_115	GCP user accessing region
LW_GCP_REGION_116	New GCP service accessed in region
LW_GCP_SERVICE_110	New GCP service
LW_GCP_SERVICE_112	New GCP API call
LW_GCP_SERVICE_117	New GCP API invoked for GCP service
LW_GCP_USR_109	New GCP user