FortiGate Alerting. Stay informed while Firelytics watches your FortiGate when you can’t
FortiGate Real-time Alerts
Firelytics is your watchful eyes on your FortiGate, alerting you to exactly the types of events that are relevant to your organization’s network security. The types of alerting and the combinations of criteria, filters and time frames is limited only by the complexity of your requirements. Firelytics firewall log analyzer natively includes the ability to trigger alerts and log alerts for instant inspection.
Firelytics Fortigate Alerting works identically to creating dashboard widgets, that is, it’s dead simple! The formulation of alert criteria follows the same process: Select the FortiGate, select the Log Type (Web Filter, IDS/IPS, Anti-spam, Anti-virus, Application Control, VPN and more), and what specific metric or dimension you wish to track. Then tell Firelytics how many events you wish to trigger a threshold and in how long.
You can filter the alerting criteria based on any dimension, including source and destination IP Addresses, source or destination ports, domain names, users, message contents, Fortinet Fortiguard content categories, virus or attack signature descriptions, and much more. There are no limits to the types of real-time alerting and monitoring templates you can create, it is completely configurable based on your needs.
Alerts are generated in real-time and are clearly rendered on your Firelytics dashboard. You can see the current alert count as an unmistakable red box, and inspecting the list of recent alerts is always single click away. Fortigate alerting notifications can also be configured to be sent by email, or now also by Twitter Direct Message (DM), so that you can receive alerts in a place where you may be following various operation all status Twitter feeds.
Analyze Your Results!
The alert notification is not the end of the process, it is the beginning. Your in-app listing of alerts are all linked to their contextual event data. Meaning, a single click on an alert list item will instantly open an “Analyze” view of those particular parameters, for that specific firewall, during a useful time range in the event logs history. You can open this view and instantly see the events preceding the alert and use this information to aid in your event response process.