Predefined Policy Configuration

All Cloud Protection policy types (Risk Management, Threat Protection, Data Scan, and Compliance) have out-of-the-box predefined policies. These predefined policies are cloud security policies recommended by FortiCNP to maintain a strong security posture. Predefined policies can trigger findings and provide suggestions on fixing cloud configurations to comply with security best practices.

A finding is generated when user activity or a cloud configuration does not comply with a policy. The finding alerts cloud administration to take action on a possible security incident or security vulnerability.

All Cloud Protection policies need to be enabled to generate findings in FortiCNP. This also applies to the C-Level and Compliance reports: only enabled policies generate data on reports.

Policy Configuration Parameters

Not all policies have the same configuration parameters. This table shows all types of policy configuration parameters.

| Policy Parameter | Description |
|---|---|
| Context Name | Shows the name of the policy. Not configurable. |
| Policy Description | Shows the description of the policy. Not configurable. |
| Severity Level | Specify the severity level for the policy. Not configurable. |
| Enabled | Click to enable/disable the policy. |
| Applied To | Click to select which cloud account and platform the policy should apply to. |
| Event | Select the event to which the policy should be applied. For example, login/logout, etc. |
| Location | Select or exclude the location to which the policy should be applied. |
| Velocity Settings | Maximum speed a user can be traveling before the policy triggers an alert. This applies to security policies that monitor login activities. For examples on using this parameter, please see Threat Protection Example - Suspicious Movement. |
| Distance Tolerance | Maximum distance a user can travel in the vicinity before the velocity of the user is checked. This applies to security policies that monitor login activities. For examples on using this parameter, please see Threat Protection Example - Suspicious Movement. |
| Suspicious Time | Specify the time during which the policy should be monitoring the event. |
| Allow Autofix | Click to enable or disable auto-fixing of the alert triggered by the policy. |
| Compliance Collection (Compliance Policy only) | Select the type of collection of DLP policy or AV scan that the policy can be associated with in Compliance Collection. |
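How Distance Tolerance and Velocity Settings interact on login events can be sketched as follows. This is an added example, not FortiCNP's own implementation; the threshold values, event field names, function names and sample logins are constructed assumptions.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Hypothetical values standing in for the two policy parameters.
DISTANCE_TOLERANCE_KM = 100.0   # "Distance Tolerance"
MAX_VELOCITY_KMH = 900.0        # "Velocity Settings"

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))

def suspicious_movements(events, tolerance_km=DISTANCE_TOLERANCE_KM,
                         max_kmh=MAX_VELOCITY_KMH):
    """Compare each login with the same user's previous login and return
    (user, earlier_time, later_time, km, kmh) where the implied speed is too high."""
    findings, last_login = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        prev = last_login.get(ev["user"])
        last_login[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
        if km <= tolerance_km:
            continue  # movement within the vicinity: velocity is not checked
        hours = (ev["time"] - prev["time"]).total_seconds() / 3600
        kmh = float("inf") if hours == 0 else km / hours
        if kmh > max_kmh:
            findings.append((ev["user"], prev["time"], ev["time"], km, kmh))
    return findings

# Constructed sample login events (not real data).
SAMPLE_LOGINS = [
    {"user": "alice", "time": datetime(2024, 1, 10, 8, 0), "lat": 51.5074, "lon": -0.1278},   # London
    {"user": "alice", "time": datetime(2024, 1, 10, 8, 20), "lat": 51.7520, "lon": -1.2577},  # Oxford
    {"user": "alice", "time": datetime(2024, 1, 10, 9, 0), "lat": 40.7128, "lon": -74.0060},  # New York
    {"user": "bob", "time": datetime(2024, 1, 10, 8, 0), "lat": 48.8566, "lon": 2.3522},      # Paris
    {"user": "bob", "time": datetime(2024, 1, 11, 8, 0), "lat": 35.6762, "lon": 139.6503},    # Tokyo
]

if __name__ == "__main__":
    for user, t0, t1, km, kmh in suspicious_movements(SAMPLE_LOGINS):
        print(f"{user}: {km:.0f} km between {t0} and {t1} ({kmh:.0f} km/h)")
```

With these sample values, the London to Oxford logins fall inside the tolerance and are never velocity-checked, the Oxford to New York pair is flagged, and Paris to Tokyo a day apart is not.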

Example - Steps to Enable a Predefined Policy

  1. Go to a predefined policy: POLICIES > Risk Management > Predefined tab > VPC Flow Logs should be enabled.
  2. Click the right arrow sign > to expand the policy.
  3. Click the Enabled toggle button to enable the policy.
  4. Click the Applied To drop-down menu to select the AWS accounts that this policy should apply to.
  5. Click Save Changes to complete the configuration.

The configured policy should take effect within a few minutes.

To set up notifications to receive policy-triggered findings, refer to Cloud Protection Notification Configuration.
