Fortinet FortiMail

FortiMail email security gateway — mail statistics, SMTP protocol events, antispam verdict (clean/spam/phishing), antivirus scanning with quarantine actions, and system administration logs.

Quick Start

uv tool install eventum-generator
git clone https://github.com/eventum-generator/content-packs.git
cd content-packs
eventum generate \
  --path generators/fortinet-fortimail/generator.yml \
  --id fml \
  --live-mode true

Event Types

| Event ID | Description | Frequency | Category |
|---|---|---|---|
| stats-clean-inbound | Clean inbound email accepted | ~27.9% | email |
| stats-spam-rejected | Spam blocked at gateway | ~13.9% | email |
| stats-clean-outbound | Clean outbound email delivered | ~12.5% | email |
| event-smtp-receive | SMTP incoming message received | ~10.5% | email |
| event-smtp-deliver | SMTP outbound delivery | ~10.5% | email |
| spam-detection | Spam detection reason details | ~7% | email |
| stats-auth-failure | SPF/DKIM/DMARC failure | ~5.6% | email |
| stats-spam-quarantined | Spam tagged or quarantined | ~4.2% | email |
| event-smtp-tls | STARTTLS negotiation | ~3.5% | email |
| kevent-admin-login | Admin login/logout events | ~1.7% | authentication |
| kevent-system-update | FortiGuard DB updates | ~1% | configuration |
| virus-infected | Virus/malware detection | ~0.3% | malware |

Realism Features

  • Weighted event distribution matching production FortiMail (~65% statistics, ~25% SMTP, ~7% spam, ~3% system)
  • Correlated spam sessions — detection logs share session IDs with corresponding statistics events
  • 8+ spam classifiers (FortiGuard AntiSpam, DNSBL, SURBL, Heuristic, Banned Word)
  • TLS certificate diversity — Google Trust Services, DigiCert, Let's Encrypt, SwissSign
  • Monotonic type-prefixed log IDs matching authentic FortiMail patterns
  • 50+ email subjects across 5 categories (business, automated, newsletter, spam, phishing)

Sample Output

{
    "@timestamp": "2026-02-21T14:30:15.123456+00:00",
    "event": {
        "code": "0200004500",
        "dataset": "fortinet_fortimail.log",
        "outcome": "success"
    },
    "email": {
        "direction": "in",
        "from": { "address": ["jdoe@gmail.com"] },
        "subject": "Q4 Financial Report - Final Review",
        "to": { "address": ["j.smith@company.com"] }
    },
    "fortinet_fortimail": {
        "log": {
            "classifier": "Not Spam",
            "disposition": "Accept",
            "type": "statistics"
        }
    },
    "observer": { "product": "FortiMail", "vendor": "Fortinet" }
}

Parameters

| Parameter | Default | Description |
|---|---|---|
| hostname | fml-01 | FortiMail appliance hostname |
| domain | company.com | Protected email domain |
| device_id | FEVM02TM24000001 | FortiMail serial number |
| device_ip | 198.51.100.10 | FortiMail receiving IP |
| agent_id | b3a1c4d5-... | Elastic Agent ID |
| agent_version | 8.17.0 | Elastic Agent version |
