SIEM integration
About SIEM integration
You can integrate FortiMail Workspace Security with various SIEM (Security Information and Event Management) solutions, such as FortiSIEM, Splunk, QRadar, and Wazuh. This lets you use your SIEM solution to monitor both system event logs and the scans that FortiMail Workspace Security performs in your organization. This, in turn, enables tasks such as monitoring and flagging emails that have been scanned, found to be malicious, and then quarantined.
There are two methods available to integrate FortiMail Workspace Security with SIEM solutions:
- Using the FortiMail Workspace Security API: For details, see API - List scans.
- Using syslogs: For details, see Remote Logging: Sending Syslog to a remote host.
Comparing: API vs syslog
The table below should help you decide which method is better for implementing SIEM integration in your organization: API or syslog.
| API | Syslog |
|---|---|
| Encrypted | Can be encrypted using TLS |
| Configurable | Not configurable |
| Can include all system events | Includes scan-related events only |
| Pull mechanism | Push mechanism |
| For details, see API - List scans | For details, see Remote Logging: Sending Syslog to a remote host |