Dear Fortinet Community.
I have a question and cannot really find a solution for it. What a pity I have only a Fortigate without an integrated hard drive. Because of this, at the moment, I have no real logging... The logs just disappear after some minutes...
At the beginning of the week we turned on AntiVirus Scanning (Flow Based) with SSL Deep Scanning. Works perfectly, I need to say :) So now I wanted to create a Trigger and Stitch and so on in order to receive an email if a user is receiving the High Security Alert. I wanted to do that because we have no real logs, like I said before. And yes, I know I could use a syslog server. But my real question is:
Is it possible to create a trigger that informs me if someone wanted to download a virus?
With kindest regards
FortiLover :)
Created on 05-11-2023 12:20 AM Edited on 05-11-2023 12:21 AM
Could you try using the below trigger.
Security Fabric -> Automation -> Trigger -> Create New -> Virus Logs
Dear @srajeswaran
Thank you sooo much for your answer. Hmm. On my Fortigate it looks like this:
Can you probably imagine why I do not see this? Do I need to activate a special feature, or am I missing a special licence? Could this be the case?
Thank you again very very much for your time :)
Could be a version issue, can you confirm the OS version?
https://docs.fortinet.com/document/fortigate/7.2.0/new-features/733368/add-new-automation-triggers-f...
This is a new feature in 7.2, so I believe you are on a lower version. Is an upgrade possible for you?
Aaaaah. That's it. We are below 7.2. So now I will have a look if it is possible for our model to get the new version. We see a possible update message. So I think it is time to get up to date :) Thank you so much @srajeswaran. Your help is awesome. Very very much appreciated. :) I will plan the rollout for the new version update and will let you know here in the thread if this was successful :) Thank you very much again!
And now it worked perfectly :) After updating the Fortigate to the newest version we can get E-Mail notifications. I am happy!!! Thank you very much again.
Just as short info: sometimes the websites that contain viruses could be included in Webfilter Violations if you use this feature in the Firewall Policies. Then it makes sense to create different/multiple triggers/stitches.