Shadow IT Monitoring Service
The Shadow IT dashboard continuously monitors customer environments by correlating data from FortiOS and FortiCASB to discover and investigate the risk of shadow IT and remediate and control the security risks.
To use this feature, you must have a FortiCASB account subscribed for SaaS features, and a FortiCASB connector configured on FortiAnalyzer.
To view the Shadow IT dashboard:
- Go to FortiView > Monitors and select Shadow IT from the tree menu.
The Shadow IT dashboard has the following widgets:- Unsanctioned Cloud Service.
- Non-federated Users with File Access.
- File Exfiltration Detection.
- Non-federated Users with Cloud Access.
- Unsanctioned Cloud Service.
- In order for FortiAnalyzer to correlate data from FortiGate and FortiCASB to generate the log data used in the Shadow IT monitor, an administrator must configure the FortiCASB connector in FortiAnalyzer's Fabric View.
When creating or editing a FortiCASB connector, enter the following information:- Name: Enter a name for the FortiCASB connector.
- Description: (Optional) Enter a description of the connector.
-
IP/FQDN: Enter the FortiCASB FQDN for your chosen server location. The server location is selected when creating your FortiCASB account. Use
forticasb.com
for global servers oreu.forticasb.com
for EU based servers. - Token: Enter the credentials token used for authentication. To create a FortiCASB credentials token, log in to FortiCASB with your account, go to Home > Manage Company > API Setting, and click Generate New. For more information, see FortiCASB on the Fortinet Docs Library.
-
Status: Set the status to ON.
- To retrieve cloud application, users, and sensitive file information from FortiCASB on demand, an administrator can configure a playbook on FortiAnalyzer in FortiSOC. The playbook must include a task configured with the FortiCASB connector and Get Cloud Data action.