fortinet/fortimail

Vendor: Fortinet Inc.
Author: CrowdStrike
Version: 1.1.0
Minimum LogScale Version: 1.142.0
Use Cases

  • ITOps

  • SecOps

Fortinet FortiMail logs record email activity on the network and help identify security issues, such as a virus detected in an email. FortiMail units can log many different email activities and traffic, including:

  • system-related events, such as system restarts and HA activity

  • virus detections

  • spam filtering results

  • POP3, SMTP, IMAP and webmail events
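
As an added example (not code from the LogScale package or from Fortinet), the block below parses a handful of constructed FortiMail-style syslog lines and buckets them into the four categories listed above. It assumes the usual Fortinet syslog layout of space-separated key=value pairs with double-quoted values; the field names (type, subtype, from, to, virus, action, classifier, disposition) and the sample lines themselves are illustrative assumptions, not taken from this page.

```python
"""Toy parser for FortiMail-style key=value syslog lines.

Added example; not part of the LogScale fortinet/fortimail package.
ASSUMPTION: lines are space-separated key=value pairs, with values
that contain spaces wrapped in double quotes (Fortinet convention).
All sample lines and field names below are constructed for illustration.
"""
import re
from collections import Counter

# Constructed sample lines covering the log categories the package describes.
SAMPLE_LOGS = [
    'date=2024-03-01 time=10:00:01 device_id=FE-TEST log_id=0100000001 '
    'type=event subtype=system pri=information msg="System restarted"',
    'date=2024-03-01 time=10:00:02 device_id=FE-TEST log_id=0100000002 '
    'type=event subtype=ha pri=notice msg="HA state changed to master"',
    'date=2024-03-01 time=10:01:00 device_id=FE-TEST log_id=0200000003 '
    'type=virus subtype=infected pri=warning from="attacker@example.net" '
    'to="alice@example.com" virus="EICAR_TEST_FILE" action="Reject"',
    'date=2024-03-01 time=10:02:00 device_id=FE-TEST log_id=0300000004 '
    'type=spam subtype=default pri=information from="bulk@example.org" '
    'to="bob@example.com" classifier="Spam" disposition="Quarantine"',
    'date=2024-03-01 time=10:03:00 device_id=FE-TEST log_id=0400000005 '
    'type=smtp subtype=session pri=information from="alice@example.com" '
    'to="bob@example.com" action="Accept"',
]

# key=value where value is either a double-quoted string (spaces and
# escaped quotes allowed) or a run of non-whitespace characters.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Map the assumed "type" field onto the categories in the description above.
CATEGORY_BY_TYPE = {
    "event": "system",          # restarts, HA activity, other system events
    "virus": "virus",           # virus detections
    "spam": "spam",             # spam filtering results
    "smtp": "mail-protocol",    # SMTP, POP3, IMAP and webmail events
    "pop3": "mail-protocol",
    "imap": "mail-protocol",
    "webmail": "mail-protocol",
}


def parse_line(line: str) -> dict:
    """Return the key=value pairs of one log line, with quotes stripped."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]
        fields[key] = raw
    return fields


def categorize(fields: dict) -> str:
    """Classify a parsed line; unknown or missing 'type' is reported as such."""
    return CATEGORY_BY_TYPE.get(fields.get("type"), "unknown")


def summarize(lines):
    """Count lines per category and pull out every virus detection."""
    counts = Counter()
    virus_hits = []
    for line in lines:
        fields = parse_line(line)
        counts[categorize(fields)] += 1
        if fields.get("type") == "virus":
            virus_hits.append((
                fields.get("from"), fields.get("to"),
                fields.get("virus"), fields.get("action"),
            ))
    return counts, virus_hits


if __name__ == "__main__":
    counts, hits = summarize(SAMPLE_LOGS)
    for category, n in sorted(counts.items()):
        print(f"{category:14s} {n}")
    for sender, rcpt, name, action in hits:
        print(f"virus {name} from {sender} to {rcpt}: {action}")
```

The regex treats a quoted value as one token, so a subject or message containing spaces or an embedded `x=y` does not get split into spurious fields; a real parser should also handle the fields the appliance emits unquoted but with unusual characters, which this toy does not attempt.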

Using FortiMail with LogScale lets users correlate email and user activity data in LogScale, correlate that data with Office365 logs, and identify and maintain a list of suspicious activities. This adds the most value where FortiGate is already ingesting into LogScale and users' pipelines are set up with FortiAnalyzer.

Breaking Changes

This update includes parser changes, so data ingested after the upgrade will not be backwards compatible with logs ingested by the previous version. Queries that span data from before and after the upgrade will see both field sets.

Updating to version 1.0.0 or newer will therefore break existing queries, for example in dashboards or alerts created before this version.

See CrowdStrike Parsing Standard (CPS) 1.0 for more details on the new parser schema.

Follow the CPS Migration instructions to update your queries to use the fields and tags available in data parsed with version 1.0.0.