FortiMail connector 6.4.2
FortiMail connector on FortiAnalyzer allows playbooks to collect information from FortiMail and take containment action.
To configure a FortiMail connector:
- Install a FortiMail device with the latest release.
- In FortiMail, create a domain and some users.
- In FortiAnalyzer, go to Fabric View > Fabric Connectors and create a FortiMail Connector.
- Go to FortiSoC > Automation > Connectors to view the actions available with the FortiMail connector. This connector supports three actions:
- Get Email Statistics
- Get Sender Reputation
- Add Sender to Blocklist
The following examples demonstrate how to create a FortiSoC playbook using FortiMail connector actions.
To create a playbook using the Get Email Statistics action:
- Go to FortiSoC > Automation > Playbook and create a new playbook from scratch.
- Create a task with the action to Get Email Statistics using the FortiMail connector. This example gets email statistics for user
u2@test1.com
. - Create a second task with the action Attach Data to Incident using the local connector, and enter an incident number.
- Save and run the playbook, and check the Playbook Monitor to confirm the playbook was run successfully.
- Go to FortiSoC > Incidents and open the incident. The recently run playbook is displayed in Executed Playbooks.
To create a playbook using the Add Sender to Blocklist action:
- Go to FortiSoC > Automation > Playbook, and create a new playbook from scratch.
- Create a task with the action Add Sender to Blocklist using the FortiMail connector. This example adds user
user4@test1.com
to the blocklist. - Save and run the playbook, and check the Playbook Monitor to confirm the playbook was run successfully.
- In FortiMail, go to Security > Block/Safe List > System > Block List.
user4@test1.com
has been added to the block list.