config system enforcement-profile

Use this command to configure the FortiNDR enforcement profile. FortiNDR uses this profile to filter anomaly detection events when executing enforcement.

Syntax

config system enforcement-profile 
  edit <name_str>
    set allowlist <ipv4mask> 
    set risk-level <int> 
    set conf-level <int>
    set severity <int>
    set category {malware,botnet,encrypted-attack,network-attack,ioc,week-cipher, machine-learning}
  end

| Variable | Description | Default |
|---|---|---|
| allowlist <allowlist_ipv4mask> | IP addresses and netmasks in the allowlist (white list) are excluded from enforcement consideration. Separate each IP address and netmask pair with a comma (,). | |
| risk-level <risk_lvl_int> | Detected malicious records at or above the entered risk level are considered when FortiNDR executes enforcement. Valid values are 2 (medium risk), 3 (high risk), or 4 (critical risk). | 4 |
| conf-level <conf_lvl_float> | Detected malicious records at or above the entered confidence level are considered when FortiNDR executes enforcement. The valid range is 0.8 to 1.0. | 0.8 |
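The following added example (not Fortinet code, and not part of the original reference) models the allowlist, risk-level and conf-level rules described above so a proposed profile can be validated and previewed against sample events before it is entered in the CLI. The event field names, the single `ip` field compared against the allowlist, and the `address/netmask` notation are assumptions.

```python
import ipaddress
from dataclasses import dataclass

VALID_RISK = {2: "medium", 3: "high", 4: "critical"}  # valid risk-level values
CONF_MIN, CONF_MAX = 0.8, 1.0                         # valid conf-level range

@dataclass
class Profile:
    allowlist: str = ""      # comma-separated "address/netmask" pairs (assumed notation)
    risk_level: int = 4      # documented default
    conf_level: float = 0.8  # documented default

    def networks(self):
        pairs = (p.strip() for p in self.allowlist.split(","))
        return [ipaddress.ip_network(p, strict=False) for p in pairs if p]

    def validate(self):
        """Return a list of problems; an empty list means the values are in range."""
        errors = []
        if self.risk_level not in VALID_RISK:
            errors.append(f"risk-level {self.risk_level} is not one of 2, 3, 4")
        if not CONF_MIN <= self.conf_level <= CONF_MAX:
            errors.append(f"conf-level {self.conf_level} is outside 0.8 to 1.0")
        try:
            self.networks()
        except ValueError as exc:
            errors.append(f"allowlist: {exc}")
        return errors

def considered(profile, event):
    """True if the event is outside the allowlist and meets both thresholds."""
    addr = ipaddress.ip_address(event["ip"])
    if any(addr in net for net in profile.networks()):
        return False  # allowlisted addresses are excluded from enforcement
    return event["risk"] >= profile.risk_level and event["conf"] >= profile.conf_level

# Constructed sample events; the field names are hypothetical.
EVENTS = [
    {"id": 1, "ip": "10.1.1.20", "risk": 4, "conf": 0.95},   # inside the sample allowlist
    {"id": 2, "ip": "172.16.5.9", "risk": 4, "conf": 0.79},  # confidence too low
    {"id": 3, "ip": "172.16.5.9", "risk": 2, "conf": 0.99},  # risk below threshold
    {"id": 4, "ip": "172.16.5.9", "risk": 3, "conf": 0.85},  # meets both thresholds
]

def preview(profile, events=EVENTS):
    return [e["id"] for e in events if considered(profile, e)]

if __name__ == "__main__":
    p = Profile(allowlist="10.1.1.0/255.255.255.0", risk_level=3)
    print(p.validate(), preview(p))
```

Lowering risk-level from the default of 4 widens the set of events that can trigger enforcement, so previewing the effect on recent detections helps catch a missing allowlist entry before enforcement acts on it.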
