FortiDLP Administration Guide

Enabling SMTP email alerts (deprecated)

To enable an email alert, follow these steps.

How to enable an email alert
  1. In the FortiDLP Console, on the left-hand sidebar, click .
  2. Click SMTP.
  3. In the Simple Mail Transfer Protocol (SMTP) config section, do the following:
    1. In the Host field, type the hostname of the SMTP server.
    2. In the Port field, type the port number of the SMTP server.
    3. In the From address field, type an email address to display in the sender field of alerts. For example, noreply@example.com.
    4. In the From name field, type a name to display in the sender field of alerts. For example, FortiDLP.
    5. Optionally, if your SMTP host requires authentication:
      1. In the Username field, type the username of the SMTP email account.
        Note: For Microsoft 365 configurations, the Username must be set to the same value as the From address.
      2. In the Password field, type the password of the SMTP email account.
        Note: Microsoft 365 and Gmail require an application-specific password to be used if two-factor authentication (2FA) is enabled. For more information, refer to the Microsoft 365 and Gmail documentation.
    6. Click Save.
  4. Click Create new email alert.
  5. In the Create new email alert dialog box, do the following:
    1. In the To address field, type the email address to send alerts to.
    2. In the Subject field, type a string to display in the subject line of alerts.
    3. In the Event type menu, do one of the following:
      • To be notified of detections:
        1. In the Event type menu, select Detection.
        2. Optionally, to apply filters:
          1. In the Tags field, type one or more tags to filter by, separated by a space.
          2. In the Filter type menu:
            • To be notified of detections that have any of the chosen tags, select Any tag.
            • To be notified of detections that have all of the chosen tags, select All tags.
          3. In the Minimum risk score field, type a minimum risk score between 0–100 to filter by.
      • To be notified of incidents:
        1. In the Event type menu, select Incident.
        2. Turn the relevant toggles on to be notified when:
          • An incident is created
          • An incident is deactivated
          • A detection is generated by a new user (for an incident)
          • A detection is generated by a new node (for an incident).
        3. Optionally, in the Minimum risk score field, type a minimum risk score between 0–100 to filter by.
    4. Optionally, in the Token replenish rate per hour field, type a number to limit the rate at which alerts are sent.
      For example, setting this field to 60 would enable email alerts to be sent no more than once per minute. Leaving the default value of 0 would allow email alerts to be sent each time a detection/incident occurs.
    5. Optionally, in the Max tokens field, type a value to limit the number of alerts sent, considering the Token replenish rate per hour.
      For example, setting this field to 10 and the Token replenish rate per hour to 60 would enable FortiDLP to send no more than 10 email alerts at once (in a burst), and no more than one email alert per minute on average.
    6. Click Create.
  6. Optionally, to test the configuration:
    1. Click the table row of the email alert you enabled.
    2. At the bottom of the panel, click Send.

To create multiple email alerts, repeat steps 4–6.
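
The following added example (not from the FortiDLP documentation or product code) models the tag, risk-score and token fields from step 5 as a standard token bucket, to show how many emails a burst of detections would produce. It assumes the bucket starts full and that an alert arriving when no token is available is not sent; the class and function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class AlertRule:
    # Field names mirror the dialog box labels; the class is hypothetical.
    tags: frozenset = frozenset()
    all_tags: bool = False      # False = "Any tag", True = "All tags"
    min_risk: int = 0           # Minimum risk score (0-100)
    rate_per_hour: int = 0      # Token replenish rate per hour; 0 = no limit
    max_tokens: int = 1         # Max tokens (burst size)

    def matches(self, event_tags, risk):
        if risk < self.min_risk:
            return False
        if not self.tags:
            return True
        event_tags = set(event_tags)
        if self.all_tags:
            return self.tags <= event_tags
        return bool(self.tags & event_tags)

def simulate(rule, events):
    """events: (second, tags, risk) tuples in time order.
    Returns (sent, suppressed) lists of event times."""
    cap = rule.max_tokens * 3600     # integer maths: 3600 units = 1 token
    level, last = cap, None          # assumption: bucket starts full
    sent, suppressed = [], []
    for t, tags, risk in events:
        if not rule.matches(tags, risk):
            continue                 # filtered events spend no token
        if rule.rate_per_hour == 0:
            sent.append(t)           # default 0: every match is emailed
            continue
        if last is not None:
            level = min(cap, level + (t - last) * rule.rate_per_hour)
        last = t
        if level >= 3600:
            level -= 3600
            sent.append(t)
        else:
            suppressed.append(t)
    return sent, suppressed

# Constructed burst: one matching detection every 6 s for 4 minutes.
BURST = [(t, {"usb", "exfil"}, 80) for t in range(0, 240, 6)]
RULE = AlertRule(tags=frozenset({"exfil"}), min_risk=50,
                 rate_per_hour=60, max_tokens=10)

if __name__ == "__main__":
    sent, suppressed = simulate(RULE, BURST)
    print(len(sent), "sent,", len(suppressed), "suppressed; sent at", sent)
```

With Max tokens 10 and a replenish rate of 60, the constructed burst of 40 detections yields 13 emails: the opening burst, then one per minute. When sizing these fields, check that the detections left without an email are still reviewed in the console.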
