FortiMail

Version: FortiMail v6.0 and above.

FortiMail is an email security gateway product that monitors email messages on behalf of an organization to identify messages that contain malicious content, including spam, malware, and phishing attempts.

FortiMail can be integrated with Netsurion Open XDR using Syslog. With the FortiMail KP items, you can monitor spam and virus activity on mail servers and trigger an alert whenever a virus or spam is detected. The Netsurion Open XDR dashboard helps you visualize malicious activity on mail servers. It can also create reports that collect malicious activity on mail servers on a time basis, which helps you review that activity. Netsurion Open XDR CIM helps you correlate the malicious activity with other log sources, such as virus and spam events.

Netsurion Data Source Integrations for FortiMail allows you to monitor the following components:

  • Security – FortiMail – Spam detected and FortiMail – Virus detected.
  • Compliance – FortiMail – User login success and login failure, FortiMail – Encrypted email activities, and FortiMail – Email filter.

Once FortiMail is configured to deliver events to the Netsurion Open XDR manager, knowledge objects and reports can be configured in Netsurion Open XDR.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

| Type | Name | Description |
|---|---|---|
| Security | FortiMail – Virus detected | This alert triggers whenever a virus is detected in email attachments. |
| Security | FortiMail – Spam detected | This alert triggers whenever FortiMail detects spam in an email. |
| Compliance | FortiMail – User login failure | This alert triggers whenever a user login fails. |

Reports

| Type | Name | Description |
|---|---|---|
| Security | FortiMail – Virus detected | This report provides information when FortiMail detects malicious attachments in an email. |
| Security | FortiMail – Spam detected | This report provides information about malicious URLs that FortiMail detects in email. |
| Compliance | FortiMail – User login success and login failure | This report provides information related to user login successes and failures. |
| Compliance | FortiMail – Encrypted email activities | This report provides information related to encrypted emails for secure reading. |
| Compliance | FortiMail – Email filter | This report provides information related to user-created filters for detecting malicious activities. |

Documentation

The configuration details are consistent with Netsurion Open XDR 9.x and later, and FortiMail.

Download the FortiMail Integration Guide and How-to Guide for configuration instructions and more information.