Meshugana
New Member
January 29, 2020
Solved

We want it all....all of it....but not in our inboxes

  • January 29, 2020
  • 1 reply
  • 3400 views

Hi everybody,

I'm looking for a bit of a sanity check (on me and the requirements I'm dealing with).

I've been tasked to have a look at the reporting coming out of the FD600s we're using in conjunction with the FortiAnalyzer.

The FortiGates are currently used purely for monitoring in our environment (web company) and are sitting behind the firewalls (or to the side, really) to monitor all the traffic, regardless of whether or not it's relevant to us or we even own the hardware the attacks are aimed at (CCTV and BAC systems), so the security profile contains everything.

However, there is also a requirement to have targeted real-time alerting for stuff which is relevant to us while at the same time having a log of everything.

From my (admittedly new and limited) understanding this is simply not possible? We configure the security profile with what's relevant to us and then have it alert on the relevant threat levels and categories?

Could someone point me in the right direction here? Have I overlooked anything?

Many thanks in advance from this confused (but also fascinated) noob

    Best answer by Dave_Hall

    Take a look at the Event handlers section of the Administration Guide for the FortiAnalyzer. 

    1 reply

    Toshi_Esumi
    SuperUser
    January 29, 2020

    I don't know if the FortiAnalyzer side has an alert email service. But at least the FGT has the alert email feature below:

    https://help.fortinet.com/fadc/4-5-1/olh/Content/FortiADC/handbook/alert.htm

    I'm not sure the filter categories are granular enough for your requirement though.


    lobstercreed
    New Member
    May 19, 2020

    So I'm very late to the party on this, but I just found Event Handlers within the last month or so and have been using the heck out of them.  Very cool feature.  I especially like it for a lot of the syslog traffic I'm sending from my network devices...I can get alerted when certain strings appear in those logs as well.

    I think that would address OP's needs, or if it didn't, there's probably nothing that would.
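The thread points at event handlers but never spells out what one does, so here is an added example (my own code, not FortiAnalyzer's implementation and not anything posted above) of the mechanism the OP is after: every log line is retained, while an alert fires only when a filter on log fields matches, the destination falls inside an assumed owned range (192.0.2.0/24 stands in for the web estate, 198.51.100.20 for a CCTV box that is monitored but not owned), and a per-destination count crosses a threshold within a time window. The log lines are constructed in FortiGate key=value syslog style and are not real device output.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in FortiGate key=value syslog style (not real device output).
# Addresses are documentation ranges: 192.0.2.0/24 plays our own web estate,
# 198.51.100.20 plays a CCTV recorder we monitor but do not own.
SAMPLE_LOGS = [
    'date=2020-01-29 time=10:14:55 devname="fgt-mon" type="traffic" subtype="forward" '
    'srcip=203.0.113.5 dstip=192.0.2.10 dstport=443 action="accept"',
    'date=2020-01-29 time=10:15:00 devname="fgt-mon" type="utm" subtype="ips" '
    'severity="critical" srcip=203.0.113.5 dstip=198.51.100.20 attack="Example.CCTV.Exploit"',
    'date=2020-01-29 time=10:15:01 devname="fgt-mon" type="utm" subtype="ips" '
    'severity="critical" srcip=203.0.113.5 dstip=192.0.2.10 attack="Example.Web.Exploit"',
    'date=2020-01-29 time=10:16:10 devname="fgt-mon" type="utm" subtype="ips" '
    'severity="low" srcip=203.0.113.9 dstip=192.0.2.10 attack="Example.Scanner"',
    'date=2020-01-29 time=10:17:30 devname="fgt-mon" type="utm" subtype="ips" '
    'severity="high" srcip=203.0.113.7 dstip=192.0.2.10 attack="Example.Web.Exploit"',
    'date=2020-01-29 time=10:30:00 devname="fgt-mon" type="utm" subtype="ips" '
    'severity="critical" srcip=203.0.113.5 dstip=192.0.2.10 attack="Example.Web.Exploit"',
]

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_fgt_log(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields

# Assumed: the address space the OP actually owns and wants alerts for.
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

def in_our_networks(ip):
    """True if ip parses and lies inside one of OUR_NETWORKS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in OUR_NETWORKS)

# One handler rule: field filter + group-by + threshold within a time window
HANDLER = {
    "name": "IPS high/critical against owned assets",
    "match": {"type": "utm", "subtype": "ips", "severity": {"high", "critical"}},
    "group_by": "dstip",
    "threshold": 2,
    "window": timedelta(minutes=5),
}

def field_matches(fields, criteria):
    """True if every criterion matches; a set criterion means 'any of these values'."""
    for key, want in criteria.items():
        got = fields.get(key)
        if isinstance(want, set):
            if got not in want:
                return False
        elif got != want:
            return False
    return True

def process(lines, handler=HANDLER):
    """Retain every line; emit an alert only when the handler's criteria are met."""
    archive, alerts = [], []
    recent = defaultdict(list)  # group key -> timestamps of matches still inside the window
    for line in lines:
        fields = parse_fgt_log(line)
        archive.append(fields)  # everything is kept, relevant or not
        if not field_matches(fields, handler["match"]):
            continue
        if not in_our_networks(fields.get("dstip", "")):
            continue  # attack aimed at hardware we monitor but do not own
        ts = datetime.fromisoformat(f"{fields['date']}T{fields['time']}")
        key = fields.get(handler["group_by"])
        hits = [t for t in recent[key] if ts - t <= handler["window"]] + [ts]
        if len(hits) >= handler["threshold"]:
            alerts.append({"handler": handler["name"], handler["group_by"]: key,
                           "count": len(hits), "last_seen": ts.isoformat(),
                           "attack": fields.get("attack")})
            hits = []  # fire once per burst, then start counting again
        recent[key] = hits
    return archive, alerts

if __name__ == "__main__":
    archive, alerts = process(SAMPLE_LOGS)
    print(f"archived {len(archive)} lines, raised {len(alerts)} alert(s)")
    for alert in alerts:
        print(alert)
```

Run against the six constructed lines, all six land in the archive and exactly one alert is raised, for 192.0.2.10 after its second high-or-critical IPS hit inside five minutes; the critical hit on the CCTV address and the low-severity scanner hit are logged but never alert. Those three ingredients (a filter on log fields, a group-by field, and "at least N matches within M minutes") are the same knobs a FortiAnalyzer event handler exposes, which is why the security profile on the FortiGate can stay wide open while the handler is scoped to what the OP owns.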