Fortinet FortiWeb Integration Guide
Fortinet FortiWeb should be configured to send logs via syslog to the Taegis™ XDR Collector. Please follow the instructions in the documentation provided by Fortinet to configure syslog settings, configure triggers, and configure logging with the trigger applied.
Connectivity Requirements
Source | Destination | Port/Protocol
---|---|---
Fortinet FortiWeb | XDR Collector (mgmt IP) | UDP/514
Data Provided from Integrations
Auth | DNS | HTTP | Management | Netflow | NIDS | Process | Thirdparty | |
---|---|---|---|---|---|---|---|---|
Fortinet FortiWeb | D | V |
Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions
To configure your Fortinet FortiWeb to send logs to Secureworks® Taegis™ XDR, complete these steps:
1. Follow the instructions provided by Fortinet to configure syslog settings in this article. Consider the following requirements when completing the configuration steps:
   - IP Address — The IP address of the XDR Collector
   - Port — 514
   - Enable CSV Format — Do not enable this setting
   - Enable TLS — Do not enable this setting

   Important
   Do not enable the Enable CSV Format setting: XDR parses these logs as key-value pairs, so CSV-formatted output will not be parsed.
2. Next, follow the instructions to configure a trigger in this article, selecting the syslog policy created in the preceding step as the New Trigger Policy.
3. Finally, follow the instructions to configure logging in this article. Consider the following requirements when completing the configuration steps:
   - Trigger Policy — The trigger policy created in the preceding step
   - Log Level — Information
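As an added illustration of the key-value requirement in step 1 (example code, not part of this guide or of Fortinet's documentation), the following Python parses a key=value syslog payload of the kind FortiWeb emits when CSV format is off and checks that a received line is in that format rather than CSV. The sample log lines, field names and values are constructed for the example.

```python
import re

# Constructed sample (not from the page or Fortinet docs) of a key=value syslog
# line as the collector would receive it with "Enable CSV Format" left off.
# Field names and values are illustrative only.
SAMPLE_KV = ('<134>Jan 15 10:22:31 fortiweb date=2024-01-15 time=10:22:31 '
             'log_id=20000001 type=attack subtype="waf_signature_detection" '
             'pri=alert src=10.0.0.5 dst=10.0.1.20 policy="web_policy" '
             'msg="SQL Injection: signature match, param=id" action=Alert_Deny')

# The same constructed event as it would arrive with CSV format enabled.
SAMPLE_CSV = ('<134>Jan 15 10:22:31 fortiweb 2024-01-15,10:22:31,20000001,attack,'
              'waf_signature_detection,alert,10.0.0.5,10.0.1.20,web_policy,'
              '"SQL Injection: signature match, param=id",Alert_Deny')

# key=value where the value is either a double-quoted string (may contain
# spaces, '=' and escaped quotes) or a run of non-whitespace characters.
KV_TOKEN = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_kv(line):
    """Parse a key=value syslog line into a dict, unquoting quoted values."""
    fields = {}
    for key, raw in KV_TOKEN.findall(line):
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def looks_like_kv(line, min_fields=3, min_coverage=0.8):
    """Return True when the payload after the syslog header consists of
    key=value tokens (the format XDR expects); CSV output fails this check."""
    first = KV_TOKEN.search(line)
    if first is None:
        return False
    payload = line[first.start():]
    tokens = KV_TOKEN.findall(payload)
    # Count the characters the tokens account for; separators are single spaces.
    covered = sum(len(k) + 1 + len(v) for k, v in tokens)
    return len(tokens) >= min_fields and covered >= min_coverage * len(payload)


if __name__ == "__main__":
    print(parse_kv(SAMPLE_KV))
    print("KV sample accepted:", looks_like_kv(SAMPLE_KV))
    print("CSV sample accepted:", looks_like_kv(SAMPLE_CSV))
```

Running the check against a few lines captured at the collector is a quick way to confirm the FortiWeb side was saved with CSV format disabled.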