Fortigate Automations & Alerts

Fortigate has added Automations to allow custom alerting

Security Fabric, Automation, Create New

Another great alerts:

Another DHCP server sent DHCP offer (Rogue DHCP server)
Authentication Lockout (If you have Local accounts for VPN)
Disk Full
DHCP Server sent DHCP OFFER
Interface Status Changed (also sends msg when a VPN interface changes state)
IPSec Phase 2 Error / Negotiate IPSec Phase 2 Error
Memory Conserve Mode Entered / Exited
Temperature Too High
Configuration Changed (don’t enable this until you have tuned your other alerts)

User Quarantine MAC Added (this one is very chatty, add to a single Fortigate and monitor)

Cool Beans Fortinet.