Fortilover
New Contributor III

Trigger for High Security Alerts (Antivirus)

Dear Fortinet Community.

 

I have a question and cannot really find a solution for it. What a pity I have only a Fortigate without an integrated hard drive. Because of this, at the moment, I have no real logging... The logs just disappear after some minutes...

 

At the beginning of the week we have turned on AntiVirus Scanning (Flow Based) with SSL Deep Scanning. Works perfectly I need to say :) So now I wanted to create a Trigger and Stitch and so on in order to receive an email if a user is receiving the High Security Alert. I wanted to do that because we have no real logs like I said before. And yes I know I could use a syslog Server. But my real question is:

 

Is it possible to create a trigger that informs me if someone wanted to download a virus?

 

With kindest regards

FortiLover :)

 

8 REPLIES
srajeswaran
Staff

 

 

 

Regards,

Suraj


srajeswaran

Could you try using the below trigger.

 

Security Fabric -> Automation -> Trigger -> Create New -> Virus Logs

 

 


Regards,

Suraj


Fortilover

Dear @srajeswaran 

 

Thank you sooo much for your answer. Hmm. On my Fortigate it looks like this: Unbenannt2.png

Can you probably imagine why I do not see this? Do I need to activate a special feature, or am I missing a special licence? Could this be the case?

 

Thank you again very very much for your time :)

srajeswaran

Could be a version issue, can you confirm the OS version?

Regards,

Suraj


srajeswaran

https://docs.fortinet.com/document/fortigate/7.2.0/new-features/733368/add-new-automation-triggers-f...

This is a new feature in 7.2, so I believe you are on a lower version. Is an upgrade possible for you?

Regards,

Suraj


Fortilover

Aaaaah. That's it. We are below 7.2. So now I will have a look if it is possible for our model to get the new version. We see a possible update message. So I think it is time to get up to date :) Thank you so much @srajeswaran. Your help is awesome. Very very much appreciated. :) I will plan the rollout for the new version update and will let you know here in the thread if this was successful :) Thank you very much again!

Fortilover
New Contributor III

And now it worked perfectly :) After updating the Fortigate to the newest version we can get E-Mail notifications. I am happy!!! Thank you very much again.


Fortilover
New Contributor III

Just as a short info: sometimes the websites that contain viruses could be included into Webfilter Violations if you use this feature in the Firewall Policies. Then it makes sense to create different/multiple triggers/stitches.
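The setup discussed in this thread, written out as FortiOS 7.2 CLI. This is an added example, not taken from any of the posts: it pairs a Virus Logs trigger and a Web Filter Violation trigger with one shared email action. The object names and the recipient address are placeholders, and the option names follow the FortiOS 7.2 CLI as an assumption to check against the CLI reference for your build.

```text
# Added example: placeholder names and address, FortiOS 7.2 or later assumed.

# Trigger 1: fires on antivirus log entries (GUI: Trigger -> Virus Logs)
config system automation-trigger
    edit "av-detect"
        set event-type virus-logs
    next
    # Trigger 2: fires when a URL is blocked by the web filter instead
    edit "webfilter-block"
        set event-type webfilter-violation
    next
end

# One email action shared by both stitches
config system automation-action
    edit "notify-admin"
        set action-type email
        set email-to "secops@example.com"
        set email-subject "FortiGate security alert"
    next
end

# A stitch links exactly one trigger to one or more actions,
# so each trigger needs its own stitch.
config system automation-stitch
    edit "av-email"
        set status enable
        set trigger "av-detect"
        config actions
            edit 1
                set action "notify-admin"
                set required enable
            next
        end
    next
    edit "webfilter-email"
        set status enable
        set trigger "webfilter-block"
        config actions
            edit 1
                set action "notify-admin"
                set required enable
            next
        end
    next
end
```

The email action sends through the mail server defined under `config system email-server`, so that must be configured and reachable before either stitch can deliver a notification.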
