Hello community, I need some help configuring an alert for a specific
policy ID on my FortiGate device. I have a local honeypot (in VDOM) and
an IP blacklist of known command and control sites (updated every 30
minutes). When these policy IDs get ANY t...
BTW, if the FW rule is "accept" I get a mail after a few minutes (= event
handler works), but if I try it with a "deny" the event handler does not
get triggered.
THX Graham. I tried that but I did not manage to create an event hit. But
this definitely looks the most promising. Data Selector: Set a Filter
Logdevice=Fortigate, Type=Any, Subtype=Any, Logfield=Policyid equal 213
(for testing 213 writes a log every time ...
This is not possible. We have 3 firewalls (2 VDOMs each). We only want
to get an email for specific rules, the other deny rules are there but
we only need the logs for forensic purposes.