FortiMail

Version: FortiMail v6.0 and Above Version.

FortiMail is an email security gateway product that monitors email messages on behalf of an organization to identify messages that contain malicious content, including spam, malware, and phishing attempts.

FortiMail can be integrated with Netsurion's Open XDR platform using Syslog. With the help of FortiMail KP items, we can monitor the spam, and virus happening on mail servers and also trigger the alert whenever any virus and spam detected. Netsurion's Open XDR platform dashboard will help you to visualize the malicious activities happening mail servers. It can even create the report which helps to collection malicious activities happening on mail servers on time bases which help you to review the malicious activities. Netsurion's Open XDR platform CIM will help you to correlate the malicious activities with another log source like a virus, spam events, etc.

Netsurion Data Source Integrations for FortiMail allows you to monitor the following components:

  • Security - FortiMail - Spam detected, and FortiMail - virus detected.
  • Compliance - FortiMail - user login success and login failure, FortiMail - encrypted email activities, and Fortimail - email filter.

Once FortiMail is configured to deliver events to Netsurion manager; knowledge objects and reports can be configured into Netsurion.

Some of the Data Source Integrations available in Netsurion are listed below.

Alerts

Type Name Description
Security FortiMail - Virus detected This alert will trigger whenever the virus is detected in email attachments.
Security FortiMail - Spam detected This alert will trigger whenever FortiMail detects  spam in the email.
Compliance FortiMail - User login failure This alert will trigger whenever the user login fails.

Reports

Type Name Description
Security FortiMail - Virus detected This report provides information when FortiMail detects malicious attachments in the email.
Security FortiMail - Spam detected This report provides information related to FortiMail detected malicious URL’s in the mail.
Compliance FortiMail - User login success and login failure This report provides information related to the user login success and user login failure.
Compliance FortiMail - Encrypted email activities This report provides information related  to the encrypted emails for the secure reading.
Compliance FortiMail - Email filter This report provides information related to user-created filters for detecting malicious activities.

Documentation

The configuration details are consistent with Netsurion version 9.x and later, and FortiMail v6.0 and above version.

Download FortiMail Integration Guide and How-to Guide for more information and to configuration instructions.