syu
New Member
July 22, 2015
Question

Best practices for configuring email alerts?


Here is an example below. How can I filter it out of the email alerts?

Message meets Alert condition The following intrusion was observed: IP.Land. date=2015-07-22 time=16:30:37 devname=FG1 devid=FG1K5D3 logid=0419016384 type=utm subtype=ips eventtype=signature level=alert vd="FW1" severity=low srcip=192.168.240.16 dstip=192.168.240.16 srcintf="DMZ" dstintf="DMZ" sessionid=4670609 action=detected proto=6 service=HTTP attack="IP.Land" srcport=51490 dstport=80 direction=outgoing attackid=12588 profile="DefaultIPS" ref="http://www.fortinet.com/ids/VID12588" user="" incidentserialno=45005085 msg="a-ipdf: IP.Land," crscore=5 crlevel=low


I need some suggestions here please. We have email alerts configured as in the screenshot. Email alerts are working; however, the issue is that we are a little bit overwhelmed by the number of emails coming in ...

So my question: is there any other way I can further filter what is sent by email as alerts?

I also tried using the severity level (error and above) but that was even worse...

1 reply

gschmitt
New Member
July 23, 2015

Personally I'd remove "Virus detected" and "Violation traffic detected" from the list.

"Virus detected" simply means "your user clicked a link, the FortiGate blocked it, nothing happened"; it didn't even make it to the machine (that is the job of your anti-virus if something actually infected a machine).
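
One way to get finer filtering than the alert-category checkboxes, given here as an added example rather than anything from this thread or from Fortinet: send the logs to a syslog host and decide there what is worth a mail. The Python below parses the FortiOS key=value format of the posted line, applies a policy that mutes the categories the reply suggests and the signature in the question, and collapses a batch into per-source counts so that a burst of identical detections becomes one line in a single digest email instead of one email per event. The `type=utm`, `subtype=ips`, `severity=low`, `action=detected` and `attack="IP.Land"` values come from the posted line; the `virus` subtype name, the `action=dropped` value and every field of the four extra sample records are assumptions constructed for the example, and the helper names (`parse_fortigate_log`, `should_alert`, `digest`, `AlertPolicy`) are made up here.

```python
import re
from collections import Counter
from dataclasses import dataclass

# FortiOS writes each log record as space-separated key=value pairs; values
# that contain spaces are double-quoted (e.g. msg="a-ipdf: IP.Land,").
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def parse_fortigate_log(line: str) -> dict:
    """Parse one FortiOS key=value log line into a dict (quotes stripped).

    Text before the first key=value pair, such as the 'Message meets Alert
    condition ...' preamble the FortiGate email alert prepends, is ignored.
    """
    fields = {}
    for key, raw in _KV.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


@dataclass(frozen=True)
class AlertPolicy:
    # utm subtypes never worth an email. "virus" is an assumed subtype name
    # for the "Virus detected" category the reply suggests unticking.
    muted_subtypes: frozenset = frozenset({"virus"})
    # IPS signatures known to be noisy here (the poster's own example).
    muted_attacks: frozenset = frozenset({"IP.Land"})
    # Below this IPS severity, a signature the device merely "detected"
    # (the action value in the poster's line) is not mailed at all.
    min_ips_severity: str = "medium"


def should_alert(ev: dict, policy: AlertPolicy) -> bool:
    """Decide whether one parsed event deserves an email."""
    if ev.get("type") != "utm":
        return False  # traffic/event logs belong in syslog, not an inbox
    if ev.get("subtype") in policy.muted_subtypes:
        return False
    if ev.get("subtype") == "ips":
        if ev.get("attack") in policy.muted_attacks:
            return False
        sev = SEVERITY_RANK.get(ev.get("severity", ""), 0)
        if sev < SEVERITY_RANK[policy.min_ips_severity]:
            return ev.get("action") != "detected"
    return True


def digest(lines, policy: AlertPolicy = AlertPolicy()) -> dict:
    """Filter a batch and collapse survivors into counts keyed by
    (subtype, signature or msg, srcip, dstip): one line per key in the
    digest email, however many times the device logged it."""
    counts = Counter()
    for line in lines:
        ev = parse_fortigate_log(line)
        if should_alert(ev, policy):
            key = (ev.get("subtype"), ev.get("attack") or ev.get("msg"),
                   ev.get("srcip"), ev.get("dstip"))
            counts[key] += 1
    return dict(counts)


# The line from the question, exactly as posted (preamble included).
OP_LINE = (
    'Message meets Alert condition The following intrusion was observed: '
    'IP.Land. date=2015-07-22 time=16:30:37 devname=FG1 devid=FG1K5D3 '
    'logid=0419016384 type=utm subtype=ips eventtype=signature level=alert '
    'vd="FW1" severity=low srcip=192.168.240.16 dstip=192.168.240.16 '
    'srcintf="DMZ" dstintf="DMZ" sessionid=4670609 action=detected proto=6 '
    'service=HTTP attack="IP.Land" srcport=51490 dstport=80 direction=outgoing '
    'attackid=12588 profile="DefaultIPS" ref="http://www.fortinet.com/ids/VID12588" '
    'user="" incidentserialno=45005085 msg="a-ipdf: IP.Land," crscore=5 crlevel=low'
)

# Constructed records in the same format (illustrative values, not from a device).
VIRUS_LINE = ('date=2015-07-22 time=16:31:02 devname=FG1 type=utm subtype=virus '
              'level=warning vd="FW1" srcip=192.168.240.50 dstip=203.0.113.10 '
              'action=blocked service=HTTP msg="File is infected." virus="EICAR_TEST_FILE"')
HIGH_IPS_LINE = ('date=2015-07-22 time=16:32:10 devname=FG1 type=utm subtype=ips '
                 'eventtype=signature level=alert vd="FW1" severity=high '
                 'srcip=198.51.100.7 dstip=192.168.240.20 action=dropped proto=6 '
                 'service=HTTP attack="Example.Signature" attackid=1 '
                 'msg="web_app: Example.Signature"')
LOW_IPS_LINE = ('date=2015-07-22 time=16:33:00 devname=FG1 type=utm subtype=ips '
                'eventtype=signature level=alert vd="FW1" severity=low '
                'srcip=192.168.240.21 dstip=203.0.113.44 action=detected proto=6 '
                'service=HTTP attack="Other.Signature" attackid=2 msg="misc: Other.Signature"')
TRAFFIC_LINE = ('date=2015-07-22 time=16:33:30 devname=FG1 type=traffic subtype=forward '
                'level=notice vd="FW1" srcip=192.168.240.21 dstip=203.0.113.44 '
                'action=accept service=HTTP')

SAMPLE_LINES = [OP_LINE, VIRUS_LINE, HIGH_IPS_LINE, HIGH_IPS_LINE, LOW_IPS_LINE, TRAFFIC_LINE]

if __name__ == "__main__":
    for key, n in digest(SAMPLE_LINES).items():
        print(n, "x", key)
```

Of the six sample records only the two identical high-severity IPS drops survive, and they come out as a single counter entry; the posted IP.Land line is muted by name, the virus line by subtype, the low-severity detection by the severity floor and the traffic record because it is not a `utm` log. Anything that should still be seen stays in the syslog archive, so muting it from email loses no evidence.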

syu (Author)
New Member
July 23, 2015

gschmitt wrote:

Personally I'd remove "Virus detected" and "Violation traffic detected" from the list.

"Virus detected" simply means "your user clicked a link, the FortiGate blocked it, nothing happened"; it didn't even make it to the machine (that is the job of your anti-virus if something actually infected a machine).

Thanks. Is there any best-practice doc for logging with FortiGate? We do not have FortiAnalyzer.