Skip to main content

Fortimail

Download With Dependencies

FortiMail is a comprehensive email security solution by Fortinet, offering advanced threat protection, data loss prevention, encryption, and email authentication to safeguard organizations against email-based cyber threats and protect sensitive information.

Fortimail

This pack includes Cortex XSIAM content.

Cortex XSOAR interfaces with Fortimail to increase email security.

What does this pack do?

  • Views, creates, updates, and deletes a Fortimail IP policy, Access control, and Recipient policy directly from Cortex XSOAR.
  • Views, creates, updates, and deletes a Fortimail IP and Email groups directly from Cortex XSOAR.
  • Views, creates, updates, and deletes a Fortimail IP and Email group members directly from Cortex XSOAR.
  • Views all Fortimail profiles.

Fortimail

This pack includes Cortex XSIAM content.

Configuration on Server Side

You need to configure Fortimail to forward Syslog messages.

Open the Fortimail interface, and follow these instructions Documentation:


  1. Go to Log & ReportLog SettingRemote

  2. Configure the following settings:

    Setting Description
    Status Select to enable logging to this location.
    Name Enter a unique name for this configuration.
    Server name/IP Enter the IPv4, IPv6, or domain name (FQDN) address of the Syslog server or FortiAnalyzer that will store the logs.
    Server port If the remote host is a FortiAnalyzer unit, type 514. If the remote host is a Syslog server, type the port number on which the Syslog server listens.
    Protocol Select Syslog.
    Mode Select TCP.
    Level Select the severity level that a log message must equal or exceed in order to be recorded to this storage location.
    Facility Select the facility identifier that the FortiMail unit will use to identify itself when sending log messages.
    CSV format Enable if you want to send log messages in comma-separated value (CSV) format.
  3. Click Create
  • To verify logging connectivity, from the FortiMail unit, trigger a log message that matches the types and severity levels that you have chosen to store on the remote host. Then, on the remote host, confirm that it has received that log message.

Pay Attention:
Timestamp ingestion is only available in UTC timezone (00:00) for the Date (%Y-%m-%d) and Time (%k:%M:%S) fields.
In order to change Fortimail's system time zone use the commands-

    config system time manual
    set daylight-saving-time {disable | enable}
    set zone <zone_int>
    end


For additional information, review Fortimail's System Time Manual documentation.

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

To create or configure the Broker VM, use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to SettingsConfigurationData BrokerBroker VMs.
  2. Go to the Apps column under the Brokers tab and add the Syslog Collector app for the relevant broker instance. If the app already exists, hover over it and click Configure.
  3. Click Add New for adding a new syslog data source.
  4. When configuring the new syslog data source, set the following values:
    | Parameter | Value
    | :--- | :---
    | Vendor | Enter fortinet.
    | Product | Enter fortimail.

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJanuary 6, 2024
Last ReleaseDecember 3, 2024
WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.