FortiGate - VPN SSL Settings Modified

Sigma Rules

Summary
This rule monitors changes to VPN SSL settings on FortiGate devices, specifically modifications to the authentication rules associated with VPN SSL Web Portals. Such changes can indicate malicious activity, especially when they coincide with other indicators of compromise. The rule's selection criteria look for edit actions within the configuration path corresponding to VPN SSL settings. SSL VPNs can be targeted by attackers to facilitate unauthorized access, so every modification should be validated against organizational policies and incident response protocols; legitimate administrative changes will also match the rule and would otherwise be false positives.
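The selection logic described above, as an added example that is not the rule's own source: a field-level matcher run over constructed log lines. The key=value log layout, the `action`, `cfgpath`, `user`, `ui` and `cfgattr` field names, and the path value `vpn.ssl.settings` are assumptions, since the page does not list them.

```python
import re

# Assumptions (not on the page): FortiOS key=value event logs carrying
# `action` and `cfgpath` fields, and "vpn.ssl.settings" as the watched path.
TARGET_ACTION = "Edit"
TARGET_CFGPATH = "vpn.ssl.settings"
TRIAGE_FIELDS = ("date", "time", "devname", "user", "ui", "cfgattr")

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
_KV = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))')

def parse_kv(line):
    """Parse one key=value log line into a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in _KV.findall(line)}

def is_ssl_vpn_settings_edit(event):
    """Field-level match on action and config path (case-insensitive,
    as Sigma string matching is by default)."""
    return (event.get("action", "").casefold() == TARGET_ACTION.casefold()
            and event.get("cfgpath", "").casefold() == TARGET_CFGPATH.casefold())

def detect(lines):
    """Return who/where/what triage fields for every matching event."""
    hits = []
    for line in lines:
        event = parse_kv(line)
        if is_ssl_vpn_settings_edit(event):
            hits.append({f: event.get(f, "") for f in TRIAGE_FIELDS})
    return hits

# Constructed sample log lines (not captured from a real device).
SAMPLE_LINES = [
    'date=2025-10-30 time=10:15:02 devname="FGT-LAB" user="admin" ui="GUI(192.0.2.10)" '
    'action="Edit" cfgpath="vpn.ssl.settings" cfgattr="port[443->10443]" msg="Edit vpn.ssl.settings"',
    'date=2025-10-30 time=10:16:40 devname="FGT-LAB" user="admin" ui="GUI(192.0.2.10)" '
    'action="Edit" cfgpath="system.interface" msg="Edit system.interface port1"',
    'date=2025-10-30 time=10:18:11 devname="FGT-LAB" user="admin" ui="ssh(192.0.2.10)" '
    'action="Add" cfgpath="vpn.ssl.web.portal" msg="Add vpn.ssl.web.portal lab"',
    # The path appears only inside msg: a substring search would match, field matching does not.
    'date=2025-10-30 time=10:20:05 devname="FGT-LAB" user="ops" ui="GUI(192.0.2.20)" '
    'action="Edit" cfgpath="firewall.policy" msg="copied from cfgpath=vpn.ssl.settings"',
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_LINES):
        print(hit)
```

The returned `user`, `ui` and `cfgattr` values are what an analyst would compare against change records when validating a hit.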
Categories
  • Network
  • Endpoint
  • Cloud
Data Sources
  • Application Log
  • Network Traffic
Created: 2025-11-01