FortiGate 60E 6.4.7
I have my email alert settings set in threshold mode, and the threshold set at critical.
In my threat weight settings I have various web categories set at critical weight, yet when someone hits one of those categories, no email alert is sent.
For example, my web filter profile is set to block 'Malicious Websites' category. My threat weight for that category is 'critical'.
    config log threat-weight
        config web
            edit 1
                set category 26
                set level critical
            next
        end
    end
The email alert severity is set at critical
    config alertemail setting
        set username *************
        set mailto1 ************
        set filter-mode threshold
        set severity critical
    end
If I try to visit a site in the Malicious Website category, from one of the machines in the aforementioned web filter profile, I can see this in the Web Filter logs with severity Critical as expected. However, no email is sent.
I receive other emails e.g. IPS threats, failed admin logins etc, so it would not appear to be a more generic email settings issue but something specific to web filter logs.
Any help would be hugely appreciated!
Hey lakesdan,
can you double-check if the severity, or the threat-level is critical? Those may be two different log fields.
If you download the log message, and view it in an editor, there should be a field 'severity', which is what the alert emails go off, and a field 'crlevel', which should be the threat level if I remember correctly.
Hi Debbie,
There isn't a 'severity' but there is a 'level' which is coming out as warning. The crlevel is critical.
If the email alerts don't go off the crlevel which is what you can change in the threat weight settings, why does it let you change them, is it just for reporting?
Is there any other way to achieve what I'm trying to do aside from using filter-mode: category? Can it be done using automation stitches instead?
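The mismatch found in the exchange above (a web filter log with `level` warning but `crlevel` critical), as an added example that is not part of the original thread: a small Python check that parses exported FortiOS key=value log lines and lists the records whose threat weight reaches the threshold while the log level does not. It assumes, as the reply above suggests, that threshold-mode alert email compares the log level field; the sample lines, function names and level orderings are constructed for illustration.

```python
import shlex

# Log `level` values as they appear in FortiOS logs, most to least severe.
LEVELS = ["emergency", "alert", "critical", "error",
          "warning", "notice", "information", "debug"]
# Threat-weight values carried in `crlevel`, most to least severe.
CRLEVELS = ["critical", "high", "medium", "low"]

def parse_log(line):
    """Split a key=value log line into a dict, honouring quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def meets(value, threshold, scale):
    """True when `value` is at least as severe as `threshold` on `scale`."""
    return value in scale and scale.index(value) <= scale.index(threshold)

def alert_gaps(lines, level_threshold="critical", weight_threshold="critical"):
    """Records whose crlevel reaches its threshold but whose level does not.

    Assumption (from the thread): threshold-mode alert email looks at `level`,
    so these events show as critical threat weight yet send no email.
    """
    gaps = []
    for line in lines:
        rec = parse_log(line)
        by_level = meets(rec.get("level"), level_threshold, LEVELS)
        by_weight = meets(rec.get("crlevel"), weight_threshold, CRLEVELS)
        if by_weight and not by_level:
            gaps.append(rec)
    return gaps

# Constructed sample lines (not from a real device), trimmed to relevant fields.
SAMPLE = [
    'date=2024-01-01 time=10:00:00 type="utm" subtype="webfilter" level="warning" '
    'action="blocked" hostname="bad.example" cat=26 catdesc="Malicious Websites" crlevel="critical"',
    'date=2024-01-01 time=10:01:00 type="utm" subtype="ips" level="alert" '
    'action="dropped" attack="Constructed.Sample.Signature" crlevel="critical"',
    'date=2024-01-01 time=10:02:00 type="utm" subtype="webfilter" level="notice" '
    'action="passthrough" hostname="ok.example" cat=52 catdesc="Information Technology"',
]

if __name__ == "__main__":
    for rec in alert_gaps(SAMPLE):
        print(rec["subtype"], rec.get("catdesc"), "level=" + rec["level"], "crlevel=" + rec["crlevel"])
```

Running it over a downloaded log file (one record per line) shows which critical-weight events fall below the email threshold, which is the set a category filter or automation stitch would have to cover.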
Hello, I am looking for the same solution, were you ever able to accomplish this?
@krizzy9876 - no, unfortunately not.
Starting from 7.2 we have more categories added to automation triggers.
I haven't tested these, can you try creating an automation stitch with trigger as "web filter violations" and action as "Email Notification"?
Suraj
Thank you for the tip, I will upgrade and test to see if this does what I need :)