config system enforcement-profile
Use this command to configure the FortiNDR enforcement profile. FortiNDR uses the profile to select which anomaly detection events are considered when executing enforcement.
Syntax

    config system enforcement-profile
        edit <name_str>
            set allowlist <ipv4mask>
            set risk-level <int>
            set conf-level <int>
            set severity <int>
            set category {malware,botnet,encrypted-attack,network-attack,ioc,week-cipher, machine-learning}
    end

| Variable | Description | Default |
|---|---|---|
| allowlist <ipv4mask> | The IP addresses and netmasks in the allowlist (white list) are excluded from enforcement consideration. Separate each pair of IP address and netmask with a comma (,). | |
| risk-level <int> | Malicious detected records with the entered risk level and above are considered when executing enforcement by FortiNDR. Valid values are | |
| conf-level <int> | Malicious detected records with the entered confidence level and above are considered when executing enforcement by FortiNDR. The valid range is | 0.8 |
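
Because every allowlist entry removes hosts from enforcement, it is worth auditing the value before it is set. The following is an added example, not FortiNDR code: it parses a comma-separated allowlist, flags overly broad entries, and models the filter described in the table. The `address/mask` notation, the event field names, the sample values, and combining the risk and confidence thresholds with AND are assumptions.

```python
import ipaddress

# Constructed sample value; the address/mask notation is an assumption.
SAMPLE_ALLOWLIST = "10.1.2.0/255.255.255.0,192.168.50.7/32,172.16.0.0/12"


def parse_allowlist(value):
    """Split a comma-separated allowlist into IPv4Network objects.

    Raises ValueError for malformed pairs and for entries whose host
    bits are set (for example 10.1.2.5/24), which usually signal a typo.
    """
    networks = []
    for pair in value.split(","):
        pair = pair.strip()
        if pair:
            networks.append(ipaddress.IPv4Network(pair, strict=True))
    return networks


def broad_entries(networks, min_prefix=16):
    """Return entries wider than /min_prefix (hypothetical review threshold)."""
    return [n for n in networks if n.prefixlen < min_prefix]


def is_excluded(ip, networks):
    """True when the address falls inside any allowlisted network."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in n for n in networks)


def eligible(event, networks, risk_level, conf_level=0.8):
    """Model of the profile filter (assumed semantics, see lead-in).

    Allowlisted addresses are never eligible; other events need risk and
    confidence at or above the configured levels. 0.8 is the documented
    conf-level default.
    """
    if is_excluded(event["ip"], networks):
        return False
    return event["risk"] >= risk_level and event["conf"] >= conf_level


if __name__ == "__main__":
    nets = parse_allowlist(SAMPLE_ALLOWLIST)
    print("parsed:", [str(n) for n in nets])
    print("review before applying:", [str(n) for n in broad_entries(nets)])
    sample = {"ip": "203.0.113.9", "risk": 4, "conf": 0.9}  # constructed event
    print("eligible:", eligible(sample, nets, risk_level=3))
```
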