DoS Notification/Monitoring of a Specific IP

Using 300E on v6.0.8 Is it possible to monitor activity from a particular IP, preferably in a more automated way; API or script, to know when a *specific* IP triggers a DoS rule, and why? (I'm quite comfortable with coding, I'm just not sure what parameters or how to go about it for the Fortigate - I have API access, but have not had much time to explore it.) I have a colleague that is getting caught in the DoS filter and while I have my suspicions of why, I'd like to see positively what's causing the trigger, without all of the noise the typical DoS "intrusion alerts" carry, which is primarily port scanning traffic, bots and script kiddies.