Support Forum
Meshugana
New Contributor

We want it all....all of it....but not in our inboxes

Hi everybody,

I'm looking for a bit of a sanity check (on me and the requirements I'm dealing with).

I've been tasked to have a look at the reporting coming out of the FD600s we're using in conjunction with the FortiAnalyzer.

The FortiGates are currently used purely for monitoring in our environment (web company) and are sitting behind the firewalls (or to the side, really) to monitor all the traffic, regardless of whether or not it's relevant to us or we even own the hardware the attacks are aimed at (CCTV and BAC systems), so the security profile contains everything.

However, there is also a requirement to have targeted real-time alerting for stuff which is relevant to us while at the same time having a log of everything.

From my (admittedly new and limited) understanding this is simply not possible? We configure the security profile with what's relevant to us and then have it alert on the relevant threat levels and categories?

Could someone point me in the right direction here? Have I overlooked anything?

Many thanks in advance from this confused (but also fascinated) noob

1 Solution
Dave_Hall

Take a look at the Event handlers section of the Administration Guide for the FortiAnalyzer. 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

3 Replies
Toshi_Esumi
SuperUser

I don't know if the FortiAnalyzer side has an alert email service. But at least the FGT has the alert email feature below:

https://help.fortinet.com/fadc/4-5-1/olh/Content/FortiADC/handbook/alert.htm

I'm not sure the filter categories are granular enough for your requirement though.

lobstercreed

So I'm very late to the party on this, but I just found Event Handlers within the last month or so and have been using the heck out of them.  Very cool feature.  I especially like it for a lot of the syslog traffic I'm sending from my network devices...I can get alerted when certain strings appear in those logs as well.
I think that would address OP's needs, or if it didn't, there's probably nothing that would.
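As an added illustration of the idea the replies above point at (keep the full log, but alert only on the subset that matters, the way FortiAnalyzer event handlers and lobstercreed's string matching on device syslog are being used), here is a small Python filter. It is not Fortinet code and does not reproduce how FortiAnalyzer evaluates handlers; the sample log lines, the 192.0.2.0/24 "our assets" range, the rule fields and the rule names are all constructed for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed sample lines (not real captures). The first four mimic the
# FortiGate key=value log style; the last is a plain switch syslog message.
SAMPLE_LOGS = [
    'date=2024-01-15 time=10:01:02 devname="fgt-edge" type="utm" subtype="ips" '
    'severity="high" srcip=203.0.113.7 dstip=192.0.2.10 dstport=443 '
    'attack="Generic.Web.Scan" action="detected"',
    'date=2024-01-15 time=10:01:09 devname="fgt-edge" type="utm" subtype="ips" '
    'severity="high" srcip=203.0.113.7 dstip=198.51.100.40 dstport=80 '
    'attack="CCTV.Default.Login" action="detected"',
    'date=2024-01-15 time=10:02:30 devname="fgt-edge" type="traffic" subtype="forward" '
    'srcip=203.0.113.9 dstip=192.0.2.10 dstport=443 action="accept"',
    'date=2024-01-15 time=10:03:11 devname="fgt-edge" type="utm" subtype="ips" '
    'severity="low" srcip=203.0.113.12 dstip=192.0.2.10 dstport=443 '
    'attack="Probe.Informational" action="detected"',
    'Jan 15 10:05:00 core-sw01 %LINEPROTO-5-UPDOWN: Line protocol on Interface '
    'GigabitEthernet1/0/1, changed state to down',
]

# Assumption: the address space "relevant to us"; the CCTV/BAC gear lives elsewhere.
OUR_NETWORKS = [ip_network("192.0.2.0/24")]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line: str) -> dict[str, str]:
    """Split a key=value log line into a dict; quoted values keep their spaces.
    Lines with no key=value pairs (plain syslog text) yield an empty dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def is_ours(addr: str) -> bool:
    """True when addr falls inside one of OUR_NETWORKS; malformed input is not ours."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in OUR_NETWORKS)


@dataclass
class Rule:
    """One alerting condition; every listed check must hold for the rule to fire."""
    name: str
    field_in: dict[str, set[str]] = field(default_factory=dict)  # field -> allowed values
    min_severity: str | None = None        # compared through SEVERITY_RANK
    asset_scoped: bool = False             # dstip must be inside OUR_NETWORKS
    patterns: list[re.Pattern] = field(default_factory=list)  # regexes on the raw line

    def matches(self, rec: dict[str, str], raw: str) -> bool:
        for name, allowed in self.field_in.items():
            if rec.get(name) not in allowed:
                return False
        if self.min_severity is not None:
            if SEVERITY_RANK.get(rec.get("severity", ""), 0) < SEVERITY_RANK[self.min_severity]:
                return False
        if self.asset_scoped and not is_ours(rec.get("dstip", "")):
            return False
        return all(p.search(raw) for p in self.patterns)


# Constructed rules: IPS hits of high severity or worse against our own assets,
# and a string match on switch syslog in the spirit of lobstercreed's use case.
RULES = [
    Rule("ips-high-on-our-assets",
         field_in={"type": {"utm"}, "subtype": {"ips"}},
         min_severity="high", asset_scoped=True),
    Rule("interface-down",
         patterns=[re.compile(r"changed state to down")]),
]


def process(lines, rules=RULES):
    """Archive every line, but emit an alert only for lines that match a rule."""
    archive, alerts = [], []
    for raw in lines:
        rec = parse_kv(raw)
        archive.append(rec)                       # the "log of everything"
        for rule in rules:
            if rule.matches(rec, raw):
                alerts.append((rule.name, rec or {"raw": raw}))
    return archive, alerts


if __name__ == "__main__":
    archive, alerts = process(SAMPLE_LOGS)
    print(f"archived {len(archive)} records, raised {len(alerts)} alerts")
    for name, rec in alerts:
        print(f"  {name}: {rec.get('attack') or rec.get('raw')}")
```

Running it archives all five lines but raises only two alerts: the high-severity IPS detection aimed at 192.0.2.10 and the interface-down syslog message. The scan against the CCTV address, the plain accepted traffic record and the low-severity probe are kept in the archive without paging anyone, which is the split the original question asks for: the security profile stays complete, and the "relevant to us" judgement is made by the alerting rules rather than by trimming what gets logged.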
