
Author
Meshugana
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/01/29 07:44:08
  • Status: offline
2020/01/29 07:54:45 (permalink)
0

We want it all....all of it....but not in our inboxes

Hi everybody,
 
I'm looking for a bit of a sanity check (on me and the requirements I'm dealing with).
I've been tasked to have a look at the reporting coming out of the FD600s we're using in conjunction with the FortiAnalyzer.
 
The FortiGates are currently used purely for monitoring in our environment (web company) and are sitting behind the firewalls (or to the side, really) to monitor all the traffic, regardless of whether or not it's relevant to us or we even own the hardware the attacks are aimed at (CCTV and BAC systems), so the security profile contains everything.
 
However there is also a requirement to have targeted realtime alerting for stuff which is relevant to us while at the same time having a log of everything. 
 
From my (admittedly new and limited) understanding, this is simply not possible? We configure the security profile with what's relevant to us and then have it alert on the relevant threat levels and categories?
 
Could someone point me in the right direction here? Have I overlooked anything? 
 
Many thanks in advance from this confused (but also fascinated) noob
 
#1
Toshi Esumi
Expert Member
  • Total Posts : 2088
  • Scores: 190
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: We want it all....all of it....but not in our inboxes 2020/01/29 11:12:41 (permalink)
0
I don't know if the FortiAnalyzer side has an alert email service. But at least the FGT has the alert email feature below:
https://help.fortinet.com/fadc/4-5-1/olh/Content/FortiADC/handbook/alert.htm
I'm not sure the filter categories are granular enough for your requirement though.
#2
Dave Hall
Expert Member
  • Total Posts : 1673
  • Scores: 174
  • Reward points: 0
  • Joined: 2012/05/11 07:55:58
  • Location: Canada
  • Status: online
Re: We want it all....all of it....but not in our inboxes 2020/01/29 11:34:29 (permalink) ☄ Helpfulby lobstercreed 2020/05/19 08:18:37
0
Take a look at the Event handlers section of the Administration Guide for the FortiAnalyzer. 
 
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
#3
lobstercreed
Gold Member
  • Total Posts : 192
  • Scores: 23
  • Reward points: 0
  • Joined: 2018/11/28 14:57:58
  • Location: Sedalia, MO
  • Status: offline
Re: We want it all....all of it....but not in our inboxes 2020/05/19 08:20:03 (permalink)
0
So I'm very late to the party on this, but I just found Event Handlers within the last month or so and have been using the heck out of them. Very cool feature. I especially like it for a lot of the syslog traffic I'm sending from my network devices: I can get alerted when certain strings appear in those logs as well.
 
I think that would address OP's needs, or if it didn't, there's probably nothing that would.
#4
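To make the "log everything, alert on a subset" split that the replies point to concrete, here is an added example (not from the thread, and not FortiAnalyzer's own event-handler code): a small Python model of an event handler. Every log line is parsed and kept, and a handler only raises an alert when its own filters match: a minimum severity, a restriction to destination addresses in networks the team owns, an optional log subtype, and an optional regex on the message text (the syslog string match lobstercreed describes). The log lines, the owned networks (`203.0.113.0/24`, `10.20.0.0/16`) and the key=value field names are all constructed for the example; they follow the FortiGate log style only as an assumption.

```python
"""Added example: a toy 'event handler' that stores every log line but alerts
only on a filtered subset. Not from the thread or from Fortinet's code."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: the networks this team actually owns. Attacks aimed at the
# CCTV/BAC gear on other ranges are still logged, just never alerted on.
OWNED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),
                  ipaddress.ip_network("10.20.0.0/16")]

# Severity order used for the "at least this bad" filter.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# key=value pairs, with values either quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log(line: str) -> dict:
    """Parse one key=value log line into a dict; quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def is_owned(ip: Optional[str]) -> bool:
    """True if the address falls inside one of OWNED_NETWORKS."""
    try:
        addr = ipaddress.ip_address(ip)
    except (ValueError, TypeError):  # missing or malformed dstip
        return False
    return any(addr in net for net in OWNED_NETWORKS)


@dataclass
class Handler:
    name: str
    min_severity: str = "info"       # lowest severity that still alerts
    owned_only: bool = False         # only alert when dstip is in OWNED_NETWORKS
    subtype: Optional[str] = None    # e.g. "ips", "system"; None = any
    pattern: Optional[str] = None    # regex searched in the msg field

    def matches(self, ev: dict) -> bool:
        if self.subtype and ev.get("subtype") != self.subtype:
            return False
        sev = SEVERITY_RANK.get(ev.get("severity", "info"), 0)
        if sev < SEVERITY_RANK[self.min_severity]:
            return False
        if self.owned_only and not is_owned(ev.get("dstip")):
            return False
        if self.pattern and not re.search(self.pattern, ev.get("msg", "")):
            return False
        return True


def process(lines, handlers):
    """Keep every parsed event in `store`; collect (handler, logid, dstip) alerts."""
    store, alerts = [], []
    for line in lines:
        ev = parse_log(line)
        store.append(ev)                     # the "log of everything"
        for h in handlers:
            if h.matches(ev):                # the "targeted realtime alerting"
                alerts.append((h.name, ev.get("logid"), ev.get("dstip")))
    return store, alerts


# Constructed sample log lines (not real FortiGate output).
SAMPLE_LOGS = [
    'date=2020-01-29 time=07:54:45 logid=0419016384 type="utm" subtype="ips" severity="critical" '
    'srcip=198.51.100.7 dstip=203.0.113.10 attack="Example.Signature.A" msg="exploit attempt"',
    'date=2020-01-29 time=07:55:01 logid=0419016385 type="utm" subtype="ips" severity="high" '
    'srcip=198.51.100.9 dstip=192.0.2.44 attack="Example.CCTV.Login" msg="default credentials"',
    'date=2020-01-29 time=07:55:09 logid=0419016386 type="utm" subtype="ips" severity="low" '
    'srcip=198.51.100.3 dstip=203.0.113.10 attack="Example.Scan" msg="port scan"',
    'date=2020-01-29 time=07:56:00 logid=0100020099 type="event" subtype="system" '
    'msg="Interface port1 link down"',
]

HANDLERS = [
    Handler("IPS high+ on owned assets", min_severity="high", owned_only=True, subtype="ips"),
    Handler("Syslog string match: link down", subtype="system", pattern=r"link down"),
]

if __name__ == "__main__":
    store, alerts = process(SAMPLE_LOGS, HANDLERS)
    print(f"stored {len(store)} events, raised {len(alerts)} alerts")
    for name, logid, dst in alerts:
        print(f"ALERT [{name}] logid={logid} dstip={dst}")
```

Run as written, all four lines are stored but only two alerts come out: the critical IPS hit on an owned address and the "link down" system message. The high-severity hit against the CCTV range and the low-severity scan stay in the store without paging anyone, which is the behaviour the original post was asking whether it could get.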