FortiSIEM Using Geolocation Attributes in Rules


In the same way that you can use geolocation attributes in searches and search results, you can also use them in creating rules. AccelOps includes four system-level rules based on geolocation attributes:

Failed VPN Logon from Outside My Country

Successful VPN Logon from Outside My Country

Large Inbound Transfer From Outside My Country

Large Outbound Transfer To Outside My Country

This screenshot shows the sub pattern for Failed VPN Logon from Outside My Country as an illustration of the way you can use geolocation attributes in a rule.
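The logic behind the four rules named above can be sketched as follows. This is an added example, not FortiSIEM/AccelOps rule syntax or the product's own sub pattern; the event field names, the home country, the failure threshold and the "large transfer" size are all assumptions, and the events are constructed.

```python
from collections import Counter

HOME_COUNTRY = "United States"        # assumption: the organization's own country
FAILED_LOGON_THRESHOLD = 3            # assumption: failures per (source IP, user)
LARGE_TRANSFER_BYTES = 100 * 1024**2  # assumption: what counts as "large"

# Constructed sample events, already enriched with source/destination country.
# A country of None stands for an address with no geolocation (e.g. private IP).
EVENTS = [
    {"type": "vpn_logon_failed", "user": "alice", "src_ip": "203.0.113.7", "src_country": "Brazil"},
    {"type": "vpn_logon_failed", "user": "alice", "src_ip": "203.0.113.7", "src_country": "Brazil"},
    {"type": "vpn_logon_failed", "user": "alice", "src_ip": "203.0.113.7", "src_country": "Brazil"},
    {"type": "vpn_logon_failed", "user": "bob", "src_ip": "198.51.100.4", "src_country": "United States"},
    {"type": "vpn_logon_failed", "user": "carol", "src_ip": "198.51.100.9", "src_country": "Germany"},
    {"type": "vpn_logon_success", "user": "dave", "src_ip": "198.51.100.20", "src_country": "Germany"},
    {"type": "vpn_logon_success", "user": "erin", "src_ip": "10.0.0.5", "src_country": None},
    {"type": "flow", "src_ip": "192.0.2.50", "src_country": "France", "dst_ip": "10.0.0.8", "dst_country": None, "bytes": 250 * 1024**2},
    {"type": "flow", "src_ip": "10.0.0.8", "src_country": None, "dst_ip": "192.0.2.77", "dst_country": "Japan", "bytes": 500 * 1024**2},
    {"type": "flow", "src_ip": "10.0.0.9", "src_country": None, "dst_ip": "192.0.2.77", "dst_country": "Japan", "bytes": 1000},
]

def outside(country, home=HOME_COUNTRY):
    """True only when a country is known and differs from the home country."""
    return country is not None and country != home

def evaluate(events, home=HOME_COUNTRY):
    """Return sorted (rule name, key) pairs for every rule that fires."""
    hits, failures = set(), Counter()
    for e in events:
        src_out = outside(e.get("src_country"), home)
        dst_out = outside(e.get("dst_country"), home)
        if e["type"] == "vpn_logon_failed" and src_out:
            failures[(e["src_ip"], e["user"])] += 1   # aggregate before alerting
        elif e["type"] == "vpn_logon_success" and src_out:
            hits.add(("Successful VPN Logon from Outside My Country", (e["src_ip"], e["user"])))
        elif e["type"] == "flow" and e["bytes"] >= LARGE_TRANSFER_BYTES:
            if src_out:
                hits.add(("Large Inbound Transfer From Outside My Country", (e["src_ip"], e["dst_ip"])))
            elif dst_out:
                hits.add(("Large Outbound Transfer To Outside My Country", (e["src_ip"], e["dst_ip"])))
    for key, count in failures.items():
        if count >= FAILED_LOGON_THRESHOLD:
            hits.add(("Failed VPN Logon from Outside My Country", key))
    return sorted(hits)

if __name__ == "__main__":
    for rule, key in evaluate(EVENTS):
        print(rule, key)
```

Events whose address has no geolocation are deliberately never treated as "outside", so internal traffic does not fire the rules.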

