Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Administration Guide

    Home FortiDLP FortiDLP Administration Guide

    SMTP (deprecated)

    SMTP (deprecated)

    Note

    FortiDLP's built-in cloud SMTP service will replace its on-premises SMTP service soon. For more information, including instructions on migrating to the new SMTP service, see Incident email notifications.

    If your organization uses a Simple Mail Transfer Protocol (SMTP) service, you can configure FortiDLP to send email alerts when detection and incident events occur.

    FortiDLP lets you choose how often you receive alerts to optimize your workflow, and also lets you filter by tags and risk scores.

    Rate limiting

    The FortiDLP uses the token bucket algorithm to control the rate at which email alerts are delivered. This algorithm consists of a bucket with a maximum capacity of tokens, where tokens are removed each time an email alert is sent, and slowly added back into the bucket at regular intervals of time. If the bucket is empty, alerts cannot be sent. For more information about this algorithm, click here.

    If you want to limit the rate at which alerts are delivered, you can set the Token replenish rate per hour and Max tokens fields, as described in Enabling SMTP email alerts (deprecated).

    Filtering

    FortiDLP gives you fine-grained control over the email alerts you receive—allowing you to filter detections and incidents by specific tags and risk scores.

    Example

    For example, to be alerted to tampering attempts of the FortiDLP Agent and its components, you could filter for detections that have the systemsecurity tag, which is preconfigured for our Anti-tamper (OOB) policy templates.

    Or, to only be alerted to critical incidents, you could filter for incidents that have a minimum risk score of 90.
    Previous
    Next

    SMTP (deprecated)

    SMTP (deprecated)

    Note

    FortiDLP's built-in cloud SMTP service will replace its on-premises SMTP service soon. For more information, including instructions on migrating to the new SMTP service, see Incident email notifications.

    If your organization uses a Simple Mail Transfer Protocol (SMTP) service, you can configure FortiDLP to send email alerts when detection and incident events occur.

    FortiDLP lets you choose how often you receive alerts to optimize your workflow, and also lets you filter by tags and risk scores.

    Rate limiting

    The FortiDLP uses the token bucket algorithm to control the rate at which email alerts are delivered. This algorithm consists of a bucket with a maximum capacity of tokens, where tokens are removed each time an email alert is sent, and slowly added back into the bucket at regular intervals of time. If the bucket is empty, alerts cannot be sent. For more information about this algorithm, click here.

    If you want to limit the rate at which alerts are delivered, you can set the Token replenish rate per hour and Max tokens fields, as described in Enabling SMTP email alerts (deprecated).

    Filtering

    FortiDLP gives you fine-grained control over the email alerts you receive—allowing you to filter detections and incidents by specific tags and risk scores.

    Example

    For example, to be alerted to tampering attempts of the FortiDLP Agent and its components, you could filter for detections that have the systemsecurity tag, which is preconfigured for our Anti-tamper (OOB) policy templates.

    Or, to only be alerted to critical incidents, you could filter for incidents that have a minimum risk score of 90.
    Previous
    Next