Findings and Policy Relationship
Introduction
Findings are alerts triggered by FortiCNP security policies such as User Activity, Network, Data Scan, etc. The FortiCNP security policies define the benchmark for the cloud security posture. When the policies are enabled, any policy violation, whether caused by user activity, a configuration change, etc., generates a finding that alerts the cloud administrator so that the security risk can be mitigated.
Prerequisite
Findings are generated only after the security policies are enabled in POLICIES. For more details on enabling and configuring policies, please refer to Predefined Policy Configuration.
Finding Types and Policy Location
Use this table to look up each finding type, where its findings appear in FortiCNP, and the policy page where the corresponding policy is configured.
Finding Type | Findings Location on FortiCNP | FortiCNP Policy Location |
---|---|---|
Risk Management | INSIGHTS > Risk > Findings tab | POLICIES > Risk Management |
Amazon Inspector | INSIGHTS > Risk > Findings tab | ADMIN > Cloud Accounts > Integrations |
Network | INSIGHTS > Threat > Findings tab | POLICIES > Threat Detection > Network tab |
User Activity | INSIGHTS > Threat > Findings tab | POLICIES > Threat Detection > User Activity tab |
Amazon GuardDuty | INSIGHTS > Threat > Findings tab | ADMIN > Cloud Accounts > Integrations |
Microsoft Defender for Cloud | INSIGHTS > Threat > Findings tab | ADMIN > Cloud Accounts > Integrations |
Data Scan | INSIGHTS > Data > Findings tab | POLICIES > Data Scan > Policies |