Re: Cisco threat-detection shun - How to do it on Forti-OS 6.0.6 100F
The IPS features that @justinhatem lists should give you a good starting point. You should be able to adjust some of your IPS profiles to include handling specific signatures. For example, you could add Port.Scanning (ID 43814) as an IPS Signature to change default handling of that signature to quarantine for a set length of time.
In the same IPS profile you can enable specific rate based signatures (listed at the bottom) and set those to quarantine as well. For example, MySQL.Login.Brute.Force. In this case you set a "Block Duration" which should probably just be called quarantine.
Excluding IPs or zones from these IPS signatures would be done by applying the appropriate IPS profiles to security policies for different interfaces, zones, subnets, etc.
Afraid I don't know which specific IPS signatures would match to Cisco's threat detection basic, though. Maybe somebody else will jump in with that info.