FortiMail

Applies To: FortiMail v6.0 and above.

Overview

FortiMail is an email security gateway product that monitors email messages on behalf of an organization to identify messages that contain malicious content, including spam, malware, and phishing attempts. FortiMail can be integrated with EventTracker using Syslog.

With the FortiMail KP items, you can monitor spam and virus activity on mail servers and trigger an alert whenever a virus or spam is detected. The EventTracker dashboard helps you visualize the malicious activities happening on mail servers. It can also create reports that collect the malicious activities happening on mail servers over time, which helps you review them. EventTracker CIM helps you correlate the malicious activities with other log sources, such as virus and spam events.

EventTracker Knowledge Pack for FortiMail allows you to monitor the following components:

Security - FortiMail: Spam detected, and FortiMail – virus detected.
Compliance - FortiMail: user login success and login failure, FortiMail – encrypted email activities, and FortiMail – email filter.

Once FortiMail is configured to deliver events to EventTracker manager, knowledge objects and reports can be configured into EventTracker. Some of the knowledge packs available in EventTracker are listed below. For more information, refer to the Integration Guide.

Security

Alerts
FortiMail: Virus detected – This alert triggers whenever a virus is detected in email attachments.
FortiMail: Spam detected – This alert triggers whenever FortiMail detects spam in an email.

Reports
FortiMail – Virus detected – This report provides information when FortiMail detects malicious attachments in an email.
FortiMail – Spam detected – This report provides information about malicious URLs that FortiMail detects in email.
Compliance

Alerts
FortiMail: User login failure – This alert triggers whenever a user login fails.

Reports
FortiMail – User login success and login failure – This report provides information related to user login success and user login failure.
FortiMail – Encrypted email activities – This report provides information related to emails encrypted for secure reading.
FortiMail – Email filter – This report provides information related to user-created filters for detecting malicious activities.

Scope

The configurations detailed in this guide are consistent with EventTracker version 9.x and later, and FortiMail v6.0 and above.

Documentation

To configure FortiMail to send logs to EventTracker, refer to the How to Guide. For more information, refer to the FortiMail Integration Guide.