Hi everybody,
I'm looking for a bit of a sanity check (on me and the requirements I'm dealing with).
I've been tasked to have a look at the reporting coming out of the FD600s we're using in conjunction with the FortiAnalyzer.
The FortiGates are currently used purely for monitoring in our environment (web company) and are sitting behind the firewalls (or to the side, really) to monitor all the traffic, regardless of whether or not it's relevant to us or we even own the hardware the attacks are aimed at (CCTV and BAC systems), so the security profile contains everything.
However, there is also a requirement to have targeted real-time alerting for stuff which is relevant to us while at the same time having a log of everything.
From my (admittedly new and limited) understanding this is simply not possible? We configure the security profile with what's relevant to us and then have it alert on the relevant threat levels and categories?
Could someone point me in the right direction here? Have I overlooked anything?
Many thanks in advance from this confused (but also fascinated) noob
Take a look at the Event handlers section of the Administration Guide for the FortiAnalyzer.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
I don't know if the FortiAnalyzer side has an alert email service. But at least the FGT has the alert email feature below:
https://help.fortinet.com/fadc/4-5-1/olh/Content/FortiADC/handbook/alert.htm
I'm not sure the filter categories are granular enough for your requirement though.
So I'm very late to the party on this, but I just found Event Handlers within the last month or so and have been using the heck out of them. Very cool feature. I especially like it for a lot of the syslog traffic I'm sending from my network devices... I can get alerted when certain strings appear in those logs as well.
I think that would address OP's needs, or if it didn't, there's probably nothing that would.
Copyright 2024 Fortinet, Inc. All Rights Reserved.