Fortinet FortiWeb Integration Guide
Fortinet FortiWeb should be configured to send logs via syslog to the Taegis™ XDR Collector. Please follow the instructions in the documentation provided by Fortinet to configure syslog settings, configure triggers, and configure logging with the trigger applied.
Connectivity Requirements ⫘
|Taegis™ XDR Collector (mgmt IP)
Data Provided from Integrations ⫘
Taegis™ XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Configuration Instructions ⫘
To configure your Fortinet FortiWeb to send logs to Secureworks® Taegis™ XDR, complete these steps:
Follow the instructions provided by Fortinet to configure syslog settings in this article. Consider the following requirements when completing the configuration steps:
- IP Address — The IP address of the Taegis™ XDR Collector
- Port — 514
- Enable CSV Format — Do not enable this setting
- Enable TLS — Do not enable this setting
Do not mark the Enable CSV Format as we use key-value pairs to parse the logs.
Next, follow the instructions to configure a trigger in this article, selecting the syslog policy created in the preceding step as the New Trigger Policy.
Finally, follow the instructions to configure logging in this article. Consider the following requirements when completing the configuration steps:
- Trigger Policy — The trigger policy created in the preceding step
- Log Level — Information