Servers

You can set up SMTP servers and Syslog servers in the system so that event notifications are sent by email and/or logged on a SIEM. You can also set up FortiGate firewalls so that OT Security sends firewall policy suggestions to FortiGate based on OT Security network events.

SMTP Servers

To enable sending event notifications via email to the relevant parties, you need to set up an SMTP Server in the system. If you do not set up an SMTP server, the system cannot send out email notifications when events are generated. In either case, all events can be viewed in the Management Console (user interface) on the Events screen.

To set up an SMTP server:

  1. Go to Local Settings > Servers > SMTP Servers.

  2. Click Add SMTP Server.

    The SMTP Servers configuration window appears.

  3. In the Server Name box, type the name of an SMTP server you want to use for email notifications.

  4. In the Hostname\IP box, type a hostname or an IP address of the SMTP server.

  5. In the Port box, type the port number on which the SMTP server listens for the Events (Default: 25).

  6. In the Sender Email Address box, type an email address that is shown as the sender of the Event notification email.

  7. (Optional) In the Username and Password boxes, type a username and password that are used to access the SMTP server.

  8. To send a test email to verify that the configuration was successful, click Send Test Email, then type the email address to send to and check the inbox to see if the email arrived. If the email did not arrive, then troubleshoot to discover the cause of the problem and correct it.

  9. Click Save.

    You can set up additional SMTP Servers by repeating the procedure.

Syslog Servers

To enable collection of log events on an external server, you need to set up a Syslog Server in the system. If you do not want to set up a Syslog Server, then the event logs are saved only on the OT Security platform.

To set up a Syslog server:

  1. Go to Local Settings > Servers > Syslog Servers.

  2. Click + Add Syslog Server. The Syslog Servers configuration window appears.

  3. In the Server Name box, type the name of a Syslog Server you want to use for logging system events.

  4. In the Hostname\IP box, type a hostname or an IP address of the Syslog server.

  5. In the Port box, type the port number on the Syslog server to which the events are sent. Default: 514

  6. In the Transport drop-down box, select the transport protocol to be used. Options are TCP or UDP.

  7. To send a test message to verify that the configuration was successful, click Send Test Message, and check if the message has arrived. If the message did not arrive, then troubleshoot to discover the cause of the problem and correct it.

  8. (Optional) Select the Send keep alive message every 10m0s option to check the connection at frequent intervals.

  9. (Optional) For TCP syslog, select the Allow syslog message caching option to cache events when the connection is disrupted and to send them once the connection is restored.

    Note: UDP syslog messages do not have any state awareness and may be lost if the connection is interrupted.

  10. Click Save.

    You can set up additional Syslog Servers by repeating the procedure.
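
To confirm on the Syslog server side that the test message from step 7 arrives over the transport selected in step 6, a listener like the following can be used. This is an added example, not part of OT Security or its documentation; it assumes only that the message begins with the standard syslog <PRI> header (the exact message layout is not stated here), and the function names are illustrative.

```python
import re
import socket
import sys

# Both RFC 3164 and RFC 5424 messages start with "<PRI>", PRI = facility*8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(msg: bytes):
    """Return (facility, severity) from the <PRI> header, or None if absent/invalid."""
    m = PRI_RE.match(msg)
    if not m or int(m.group(1)) > 191:  # 23*8 + 7 is the highest valid PRI
        return None
    return divmod(int(m.group(1)), 8)

def open_listener(transport: str, host: str, port: int) -> socket.socket:
    """Bind a TCP or UDP socket matching the Transport chosen in step 6."""
    kind = socket.SOCK_STREAM if transport == "tcp" else socket.SOCK_DGRAM
    sock = socket.socket(socket.AF_INET, kind)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    if transport == "tcp":
        sock.listen(1)
    return sock

def receive_one(sock: socket.socket, timeout: float = 60.0):
    """Wait for one message; return (sender_ip, raw_bytes) or None on timeout."""
    sock.settimeout(timeout)
    try:
        if sock.type == socket.SOCK_DGRAM:
            data, addr = sock.recvfrom(8192)
        else:
            conn, addr = sock.accept()
            with conn:
                conn.settimeout(timeout)
                data = conn.recv(8192)
    except socket.timeout:
        return None
    return addr[0], data.rstrip(b"\r\n")

if __name__ == "__main__":
    transport, port = sys.argv[1], int(sys.argv[2])  # e.g. "tcp 514"
    with open_listener(transport, "0.0.0.0", port) as s:
        got = receive_one(s)
    if got is None:
        sys.exit("no message within timeout: check port, transport and firewall rules")
    print(f"from {got[0]} pri={parse_pri(got[1])} raw={got[1]!r}")
```

Start it on the Syslog server with the transport and port entered in the configuration window, then click Send Test Message; the sender address printed should be the OT Security unit. Binding to port 514 normally requires elevated privileges.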

FortiGate Firewalls

To set up a FortiGate server:

  1. Go to Local Settings > Servers > FortiGate Firewalls.

  2. Click Add Firewall.

    The Add FortiGate Firewall configuration window appears.

  3. In the Server Name box, type the name of a FortiGate Server you want to use.

  4. In the Host/IP box, type a hostname or an IP address of the FortiGate server.

  5. In the API Key box, type the API token you generated from FortiGate.

    Note: For instructions on generating a FortiGate API token, see: https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs/guides/fgt_token.

  6. Click Add.

    OT Security creates the FortiGate Firewall server.

    Note: For the source address (which is needed to ensure the API token can only be used from trusted hosts), use your OT Security unit IP address.

    When creating an Administrator profile for OT Security, make sure to apply access permissions according to the following settings: