FortiSIEM Using Geolocation Attributes in Rules

Using Geolocation Attributes in Rules

Just as you can use geolocation attributes in searches and search results, you can also use them when creating rules. AccelOps includes four system-level rules based on geolocation attributes:

Failed VPN Logon from Outside My Country

Successful VPN Logon from Outside My Country

Large Inbound Transfer From Outside My Country

Large Outbound Transfer To Outside My Country

This screenshot shows the sub pattern for Failed VPN Logon from Outside My Country as an illustration of the way you can use geolocation attributes in a rule.
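The logic behind the four rules can be illustrated with the Python below, which is an added example and not AccelOps or FortiSIEM code. It evaluates constructed events against each rule; the field names, the "My Country" value and the byte threshold are assumptions, not the product's schema or defaults.

```python
from collections import Counter

HOME_COUNTRY = "United States"        # assumed value for "My Country"
LARGE_TRANSFER_BYTES = 100 * 1024**2  # assumed threshold; the page gives none

# Constructed sample events. Field names are hypothetical, not FortiSIEM's schema.
# A country of None models a private or unresolved address with no geolocation.
EVENTS = [
    {"type": "vpn_logon_failed", "user": "alice", "src_country": "Romania"},
    {"type": "vpn_logon_failed", "user": "bob", "src_country": "United States"},
    {"type": "vpn_logon_failed", "user": "carol", "src_country": None},
    {"type": "vpn_logon_success", "user": "dave", "src_country": "Brazil"},
    {"type": "flow", "src_country": "Germany", "dst_country": None, "bytes": 500 * 1024**2},
    {"type": "flow", "src_country": None, "dst_country": "Japan", "bytes": 250 * 1024**2},
    {"type": "flow", "src_country": None, "dst_country": "Japan", "bytes": 1000},
]

def outside_home(country):
    """True only when a country was resolved and it differs from the home country.
    Events without geolocation data must not be treated as foreign."""
    return country is not None and country != HOME_COUNTRY

def match_rules(event):
    """Return the names of the geolocation rules this event satisfies."""
    hits = []
    src, dst = event.get("src_country"), event.get("dst_country")
    if event["type"] == "vpn_logon_failed" and outside_home(src):
        hits.append("Failed VPN Logon from Outside My Country")
    if event["type"] == "vpn_logon_success" and outside_home(src):
        hits.append("Successful VPN Logon from Outside My Country")
    if event["type"] == "flow" and event.get("bytes", 0) >= LARGE_TRANSFER_BYTES:
        if outside_home(src):
            hits.append("Large Inbound Transfer From Outside My Country")
        if outside_home(dst):
            hits.append("Large Outbound Transfer To Outside My Country")
    return hits

def evaluate(events):
    """Count how many events trigger each rule."""
    counts = Counter()
    for event in events:
        counts.update(match_rules(event))
    return counts

if __name__ == "__main__":
    for rule, n in evaluate(EVENTS).items():
        print(f"{n} event(s): {rule}")
```

The event with no resolved source country does not trigger the failed-logon rule, which is the behaviour to confirm when tuning a "not equal to my country" condition against traffic from private address space.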


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
