Version:

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

FortiMail connector 6.4.2

FortiMail connector on FortiAnalyzer allows playbooks to collect information from FortiMail and take containment action.

To configure a FortiMail connector:
  1. Install a FortiMail device with the latest release.
  2. In FortiMail, create a domain and some users.
  3. In FortiAnalyzer, go to Fabric View > Fabric Connectors and create a FortiMail Connector.
  4. Go to FortiSoC > Automation > Connectors to view the actions available with the FortiMail connector. This connector supports three actions:
    • Get Email Statistics
    • Get Sender Reputation
    • Add Sender to Blocklist

The following examples demonstrate how to create a FortiSoC playbook using FortiMail connector actions.

To create a playbook using the Get Email Statistics action:
  1. Go to FortiSoC > Automation > Playbook and create a new playbook from scratch.
  2. Create a task with the action to Get Email Statistics using the FortiMail connector. This example gets email statistics for user u2@test1.com.

  3. Create a second task with the action Attach Data to Incident using the local connector, and enter an incident number.
  4. Save and run the playbook, and check the Playbook Monitor to confirm the playbook was run successfully.
  5. Go to FortiSoC > Incidents and open the incident. The recently run playbook is displayed in Executed Playbooks.
To create a playbook using the Add Sender to Blocklist action:
  1. Go to FortiSoC > Automation > Playbook, and create a new playbook from scratch.
  2. Create a task with the action Add Sender to Blocklist using the FortiMail connector. This example adds user user4@test1.com to the blocklist.
  3. Save and run the playbook, and check the Playbook Monitor to confirm the playbook was run successfully.
  4. In FortiMail, go to Security > Block/Safe List > System > Block List. user4@test1.com has been added to the block list.

FortiMail connector 6.4.2

FortiMail connector on FortiAnalyzer allows playbooks to collect information from FortiMail and take containment action.

To configure a FortiMail connector:
  1. Install a FortiMail device with the latest release.
  2. In FortiMail, create a domain and some users.
  3. In FortiAnalyzer, go to Fabric View > Fabric Connectors and create a FortiMail Connector.
  4. Go to FortiSoC > Automation > Connectors to view the actions available with the FortiMail connector. This connector supports three actions:
    • Get Email Statistics
    • Get Sender Reputation
    • Add Sender to Blocklist

The following examples demonstrate how to create a FortiSoC playbook using FortiMail connector actions.

To create a playbook using the Get Email Statistics action:
  1. Go to FortiSoC > Automation > Playbook and create a new playbook from scratch.
  2. Create a task with the action to Get Email Statistics using the FortiMail connector. This example gets email statistics for user u2@test1.com.

  3. Create a second task with the action Attach Data to Incident using the local connector, and enter an incident number.
  4. Save and run the playbook, and check the Playbook Monitor to confirm the playbook was run successfully.
  5. Go to FortiSoC > Incidents and open the incident. The recently run playbook is displayed in Executed Playbooks.
To create a playbook using the Add Sender to Blocklist action:
  1. Go to FortiSoC > Automation > Playbook, and create a new playbook from scratch.
  2. Create a task with the action Add Sender to Blocklist using the FortiMail connector. This example adds user user4@test1.com to the blocklist.
  3. Save and run the playbook, and check the Playbook Monitor to confirm the playbook was run successfully.
  4. In FortiMail, go to Security > Block/Safe List > System > Block List. user4@test1.com has been added to the block list.