I need some help configuring an alert for a specific policy ID on my FortiGate device. I have a local honeypot (in a VDOM) and an IP blacklist of known command and control sites (updated every 30 minutes).
When these policy IDs get ANY traffic, I want to get an alert via email or, ideally, a Teams webhook.
Does anyone know how to do this using FortiGate, (free) FortiAnalyzer or Cloud?
I have searched the documentation but haven't found a clear answer.
Any help would be greatly appreciated. Thanks in advance.