Version: FortiMail v6.0 and Above Version.
FortiMail is an email security gateway product that monitors email messages on behalf of an organization to identify messages that contain malicious content, including spam, malware, and phishing attempts.
FortiMail can be integrated with Netsurion Open XDR using Syslog. With the help of FortiMail KP items, we can monitor the spam, and virus happening on mail servers and also trigger the alert whenever any virus and spam detected. Netsurion Open XDR dashboard will help you to visualize the malicious activities happening mail servers. It can even create the report which helps to collection malicious activities happening on mail servers on time bases which help you to review the malicious activities. Netsurion Open XDR CIM will help you to correlate the malicious activities with another log source like a virus, spam events, etc.
Netsurion Data Source Integrations for FortiMail allows you to monitor the following components:
- Security – FortiMail – Spam detected, and FortiMail – virus detected.
- Compliance – FortiMail – user login success and login failure, FortiMail – encrypted email activities, and Fortimail – email filter.
Once FortiMail is configured to deliver events to Netsurion Open XDR manager; knowledge objects and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
|Security||FortiMail – Virus detected||This alert will trigger whenever the virus is detected in email attachments.|
|Security||FortiMail – Spam detected||This alert will trigger whenever FortiMail detects spam in the email.|
|Compliance||FortiMail – User login failure||This alert will trigger whenever the user login fails.|
|Security||FortiMail – Virus detected||This report provides information when FortiMail detects malicious attachments in the email.|
|Security||FortiMail – Spam detected||This report provides information related to FortiMail detected malicious URL’s in the mail.|
|Compliance||FortiMail – User login success and login failure||This report provides information related to the user login success and user login failure.|
|Compliance||FortiMail – Encrypted email activities||This report provides information related to the encrypted emails for the secure reading.|
|Compliance||FortiMail – Email filter||This report provides information related to user-created filters for detecting malicious activities.|
The configuration details are consistent with Netsurion Open XDR 9.x and later, and FortiMail.