Sniper19
New Contributor

Trying to set up a FORTI-WEB email policy to only send mails of Critical attacks

I created a new EMAIL POLICY under Log&Report -> Email Policy and named it WAF-CRITICAL, set the log level to Critical, set up the SMTP sender and myself as the recipient and saved it.

I then went to Trigger Policy, Create New, gave it a name and under the email policy drop down I selected WAF-CRITICAL, which is the email policy.

I started receiving emails but not for Critical level attacks but for low level attacks instead; basically every single event is being emailed to me instead of only Critical Attacks.

I am running FORTI-WEB v7.2.10 build409 (GA)

These are the kind of alert emails I'm receiving:

Alert details
________________________________________
Date 2025-04-10
Time 09:25:14
Log ID 20000008
MSG ID 000042044972
Time Zone (GMT+2:00)Harare,Pretoria
Type attack
Main Type Signature Detection
Sub Type Information Disclosure
Level alert
Severity Level Low
Protocol tcp
Service https/tls1.2
Action Alert

How do I set this up to only mail CRITICAL attacks and not overwhelm my emails with low level attacks?

Also under Log&Report -> Log Config -> Global Log Settings I have enabled the "Alert Mail" slider and set log level to "Critical" on the drop down.

muhaimifatihi
New Contributor II

Hi,

 

Have you tried using trigger policy?

Log&Report > Log Policy > Trigger Policy. Create new and select your email policy created previously.

Then in Edit Signature Policy, you can enable trigger policy for each signature category you want.

Reference:

log-trigger-policy

waf-signature 

Hope this helps.

Thanks.

Muhaimi
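
An added example, not part of either post and not Fortinet code: it parses the alert quoted in the question and checks its two level fields separately, since "Level alert" and "Severity Level Low" are different fields. It assumes "Level" uses a syslog-style scale on which a threshold passes anything at or above it, and that signature severity runs informative/low/medium/high; both scales and the function names are assumptions for illustration.

```python
# Added example: one alert, two different "level" fields.
# ASSUMPTION: syslog-style log levels, most severe first; threshold = at or above.
LOG_LEVELS = ["emergency", "alert", "critical", "error",
              "warning", "notification", "information", "debug"]
# ASSUMPTION: signature severity is a separate scale, least severe first.
SEVERITIES = ["informative", "low", "medium", "high"]

# Field names as they appear in the alert email quoted in the question.
KEYS = ["Date", "Time", "Log ID", "MSG ID", "Time Zone", "Type", "Main Type",
        "Sub Type", "Level", "Severity Level", "Protocol", "Service", "Action"]

# Alert body taken from the question, shortened to the fields used here.
SAMPLE = """Alert details
Date 2025-04-10
Time 09:25:14
Time Zone (GMT+2:00)Harare,Pretoria
Type attack
Main Type Signature Detection
Sub Type Information Disclosure
Level alert
Severity Level Low
Action Alert
"""

def parse_alert(body):
    """Split 'Key value' lines into a dict, trying the longest key first."""
    fields = {}
    for line in body.splitlines():
        line = line.strip()
        for key in sorted(KEYS, key=len, reverse=True):
            if line.startswith(key + " "):
                fields[key] = line[len(key):].strip()
                break
    return fields

def meets_log_level(fields, threshold):
    """True if the log 'Level' is at or above the threshold on the assumed scale."""
    return (LOG_LEVELS.index(fields["Level"].lower())
            <= LOG_LEVELS.index(threshold.lower()))

def meets_severity(fields, minimum):
    """True if 'Severity Level' is at or above the minimum on the assumed scale."""
    return (SEVERITIES.index(fields["Severity Level"].lower())
            >= SEVERITIES.index(minimum.lower()))

if __name__ == "__main__":
    alert = parse_alert(SAMPLE)
    print("passes log-level threshold 'critical':", meets_log_level(alert, "critical"))
    print("passes severity minimum 'high':", meets_severity(alert, "high"))
```

Under these assumptions the quoted alert clears a "Critical" log-level threshold while its signature severity is only Low, which is the split the per-signature trigger policy in the reply addresses.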
