I need some help configuring an alert for a specific policy ID on my FortiGate device. I have a local honeypot (in a VDOM) and an IP blacklist of known command and control sites (updated every 30 minutes). When these policy IDs get ANY traffic, I want to get an alert via email or ideally a Teams webhook. Does anyone know how to do this using FortiGate, (free) FortiAnalyzer or Cloud?
I have searched the documentation but haven't found a clear answer. Any help would be greatly appreciated. Thanks in advance.
Thanks Graham, I tried that but I did not manage to create an event hit. But this looks definitely the most promising. Data Selector: set a filter Logdevice=Fortigate, Type=Any, Subtype=Any, Logfield=Policyid equal 213 (for testing, 213 writes a log every time I ping 18.104.22.168).
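If the FortiAnalyzer event handler keeps refusing to fire, a fallback that does not depend on FortiAnalyzer at all is to forward the FortiGate traffic logs as syslog and match on policyid yourself. The script below is an added example written for this thread, not code from the original posts or from Fortinet: it parses FortiOS key=value traffic log lines, keeps only those whose policyid is on a watchlist, and builds a Teams incoming-webhook MessageCard for each hit. The policy IDs (213 for the honeypot, 214 for the C2 blacklist), the webhook URL and the three sample log lines are all constructed for illustration; only the key=value log format and the classic Teams MessageCard shape are real.

```python
"""Alert on traffic hitting watched FortiGate policy IDs (added example).

Assumes FortiGate traffic logs arrive as syslog in the standard FortiOS
key=value format. Policy IDs, webhook URL and sample lines are
assumptions/constructed for this example, not values from the thread.
"""
import json
import re
from urllib import request

# Hypothetical watchlist: 213 = honeypot policy, 214 = C2-blacklist policy.
WATCHED_POLICY_IDS = {213, 214}

# Placeholder Teams incoming-webhook URL (assumption; replace with your own).
TEAMS_WEBHOOK_URL = "https://example.webhook.office.com/webhookb2/REPLACE-ME"

# key=value tokens; values are either "quoted" (with \" escapes) or bare.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_log(line: str) -> dict:
    """Parse one FortiGate key=value log line into a dict (quotes stripped).

    A leading syslog priority such as <189> is ignored because only
    key=value tokens are collected.
    """
    fields = {}
    for key, value in _KV_RE.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        fields[key] = value
    return fields


def is_watched_hit(fields: dict) -> bool:
    """True for a traffic log whose policyid is on the watchlist."""
    if fields.get("type") != "traffic":
        return False
    try:
        return int(fields.get("policyid", -1)) in WATCHED_POLICY_IDS
    except ValueError:
        return False


def build_teams_card(fields: dict) -> dict:
    """Build a legacy 'MessageCard' payload for a Teams incoming webhook."""
    keys = ("devname", "vd", "policyid", "policyname", "srcip", "srcport",
            "dstip", "dstport", "proto", "action")
    facts = [{"name": k, "value": fields.get(k, "-")} for k in keys]
    return {
        "@type": "MessageCard",
        "@context": "http://schema.org/extensions",
        "summary": f"FortiGate policy {fields.get('policyid')} hit",
        "themeColor": "D70000",
        "title": f"Watched policy {fields.get('policyid')} received traffic",
        "sections": [{"facts": facts}],
    }


def send_teams_alert(card: dict, url: str = TEAMS_WEBHOOK_URL) -> int:
    """POST the card to Teams and return the HTTP status (network call)."""
    req = request.Request(url, data=json.dumps(card).encode(),
                          headers={"Content-Type": "application/json"},
                          method="POST")
    with request.urlopen(req, timeout=10) as resp:
        return resp.status


def alerts_for(lines) -> list:
    """Return one Teams card per log line that hits a watched policy."""
    return [build_teams_card(f) for f in map(parse_fortigate_log, lines)
            if is_watched_hit(f)]


# Constructed sample lines (not real traffic), shaped like FortiOS forward-traffic logs.
SAMPLE_LOGS = [
    '<189>date=2024-01-01 time=12:00:00 devname="FGT-HQ" devid="FG100FTK00000000" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="honeypot" srcip=203.0.113.7 srcport=51000 dstip=192.0.2.10 dstport=22 proto=6 action="accept" policyid=213 policyname="honeypot-in" service="SSH"',
    '<189>date=2024-01-01 time=12:00:05 devname="FGT-HQ" devid="FG100FTK00000000" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=10.0.0.5 srcport=44000 dstip=198.51.100.20 dstport=443 proto=6 action="accept" policyid=12 policyname="lan-to-wan" service="HTTPS"',
    '<189>date=2024-01-01 time=12:00:09 devname="FGT-HQ" devid="FG100FTK00000000" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=10.0.0.9 srcport=53111 dstip=198.51.100.66 dstport=8080 proto=6 action="deny" policyid=214 policyname="block-c2" service="tcp/8080"',
]

if __name__ == "__main__":
    for card in alerts_for(SAMPLE_LOGS):
        print(json.dumps(card, indent=2))
        # send_teams_alert(card)  # uncomment to actually post to Teams
```

Run it against a live syslog feed by replacing SAMPLE_LOGS with lines read from a socket or file; the filter deliberately checks type="traffic" as well as policyid, so an event log that happens to carry a policyid field does not trigger a card, and a policy hit still alerts whether the action was accept or deny.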