Fortinet FortiWeb Integration Guide



Fortinet FortiWeb should be configured to send logs via syslog to the Taegis™ XDR Collector. Please follow the instructions in the documentation provided by Fortinet to configure syslog settings, configure triggers, and configure logging with the trigger applied.

Connectivity Requirements

Source | Destination | Port/Protocol
Fortinet FortiWeb | XDR Collector (mgmt IP) | UDP/514

Data Provided from Integrations

  Auth DNS HTTP Management Netflow NIDS Process Thirdparty
Fortinet FortiWeb         D     V

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Configuration Instructions

To configure your Fortinet FortiWeb to send logs to Secureworks® Taegis™ XDR, complete these steps:

  1. Follow the instructions provided by Fortinet to configure syslog settings in this article. Consider the following requirements when completing the configuration steps:

    • IP Address — The IP address of the XDR Collector
    • Port — 514
    • Enable CSV Format — Do not enable this setting
    • Enable TLS — Do not enable this setting

Important

Do not select the Enable CSV Format option, as we use key-value pairs to parse the logs.

  2. Next, follow the instructions to configure a trigger in this article, selecting the syslog policy created in the preceding step as the New Trigger Policy.

  3. Finally, follow the instructions to configure logging in this article. Consider the following requirements when completing the configuration steps:

    • Trigger Policy — The trigger policy created in the preceding step
    • Log Level — Information
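
A way to confirm, before relying on the integration, that a captured FortiWeb syslog payload is in key-value form and not CSV. This is an added example, not Secureworks or Fortinet code and not the XDR parser; the sample lines are constructed, the field names (`date`, `time`, `type`, `pri`, `src`, `msg`) and the `required` list are assumptions, and the CSV sample assumes comma-separated values without keys.

```python
import re

# One key=value token; the value is "double quoted" (may hold spaces) or a bare run.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
PRI = re.compile(r"^<(\d{1,3})>")

# Constructed samples, not real FortiWeb output. Field names are assumptions.
KV_SAMPLE = ('<190>date=2024-01-15 time=10:22:31 type=attack pri=alert '
             'src=198.51.100.7 msg="Parameter validation violation"')
CSV_SAMPLE = ('<190>2024-01-15,10:22:31,attack,alert,198.51.100.7,'
              '"Parameter validation violation"')


def parse_kv(payload):
    """Return (severity, fields) for one syslog payload in key=value form."""
    severity = None
    m = PRI.match(payload)
    if m:
        severity = int(m.group(1)) & 7  # PRI = facility * 8 + severity
        payload = payload[m.end():]
    fields = {}
    for key, value in PAIR.findall(payload):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip the surrounding quotes
        fields[key] = value
    return severity, fields


def check_line(payload, required=("date", "time", "type", "msg")):
    """List the problems a key-value parser would hit on this payload."""
    severity, fields = parse_kv(payload)
    problems = []
    if severity is None:
        problems.append("no syslog <PRI> header")
    missing = [k for k in required if k not in fields]
    if missing:
        problems.append("missing keys: " + ",".join(missing))
    return problems


if __name__ == "__main__":
    for name, line in (("key-value", KV_SAMPLE), ("csv", CSV_SAMPLE)):
        print(name, parse_kv(line)[0], check_line(line) or "ok")
```

Severity 6 in the PRI header corresponds to the Information level set in the logging step.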
