User Guide

Settings

Audit Logs Export

Enable this option to export system-level events, such as user logins and server creation, to specified log servers for individual accounts.

Exporting logs that span the entire organizational unit is not supported.

Server Type

Select the destination server for exporting audit logs.

See the following instructions for FortiAnalyzer, FortiSIEM, SysLog and ElasticSearch.

FortiAnalyzer

FortiAnalyzer is a powerful log management, analytics, and reporting platform that provides centralized logging and analysis, plus end-to-end visibility.

Please note the following:

  • FortiAnalyzer is supported; however, FortiAnalyzer Cloud is not.

  • When configuring the corresponding ADOM on FortiAnalyzer, please set the Type to FortiWeb.

  • FortiAnalyzer supports assigning devices to different ADOMs, provided that each OU’s master account is associated with a distinct contract (i.e., a unique serial number).

    However, if the organization has enabled Contract Sharing Mode, all OU accounts share the same contract and serial number. In this case, FortiAnalyzer treats them as a single device, which prevents assigning them to different ADOMs.

IP/Domain and Port

Enter the IP/Domain and Port of the log server.

Protocol

Select the protocol used for log transfer.

Server Certificate Verification

When enabled, the system enforces server certificate verification before it sends attack logs to the log server.

Log Format Preview

This box shows a preview of the log format, and is not editable.

Log Facility

Select the source facility of the logs. Only the local use facilities, which are not reserved and are available for general use, are supported.

FortiSIEM

FortiSIEM is an advanced Security Information and Event Management (SIEM) solution that combines advanced log and traffic analysis with performance/availability monitoring, change analysis, and accurate knowledge of the infrastructure to provide accurate threat detection, remediation, incident response and compliance reporting.

IP/Domain and Port

Enter the IP/Domain and Port of the log server.

Protocol

Select the protocol used for log transfer.

Server Certificate Verification

When enabled, the system enforces server certificate verification before it sends attack logs to the log server.

Log Format

This box shows a preview of the log format, and is not editable.

Log Facility

Select the source facility of the logs. Only the local use facilities, which are not reserved and are available for general use, are supported.

SysLog

IP/Domain and Port

Enter the IP/Domain and Port of the log server.

Protocol

Select the protocol used for log transfer.

Server Certificate Verification

When enabled, the system enforces server certificate verification before it sends attack logs to the log server.

Custom Certificate and Key
  • Off: FortiAppSec Cloud automatically retrieves the SSL certificate used to encrypt the HTTPS connections between the log server and FortiAppSec Cloud.
  • On: Manually enter the SSL certificate.

Available only if you select SSL in Protocol.

Client Certificate

Fill in the Certificate field. Available only if you enabled Custom Certificate and Key.

Private Key

Fill in the Private Key field. Available only if you enabled Custom Certificate and Key.

Password

Enter the password of the private key. Available only if you enabled Custom Certificate and Key.

Log Format
  • Default: Export logs in default format.
  • Custom: Customize the log format. All the supported parameters are listed by default. You can select the ones that you need, and delete the others.
  • Splunk: Export logs to a Splunk log server.
  • CEF:0 (ArcSight): Export logs in CEF:0 format.
  • Microsoft Azure OMS: Export logs in Microsoft Azure OMS format.
  • LEEF1.0(QRadar): Export logs in LEEF1.0 format.

Log Facility

Select the source facility of the logs. Only the local use facilities, which are not reserved and are available for general use, are supported.

ElasticSearch

ElasticSearch is a distributed, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents.

Address and Port

Enter the address and port to access your ElasticSearch service.

The default port for ElasticSearch service is 9200.

User Name

Enter the user name of the ElasticSearch service.

Password

Enter the password of the ElasticSearch service user.

Notification Emails

FortiAppSec Cloud sends email notifications about your subscription, new features in each release, system maintenance, certificate expiration, and more.

Enable Notification Emails in General > Settings to send notification emails to your registered email address.

Contract Sharing Mode

When Contract Sharing Mode is enabled, all accounts within your organization will use the license from the root account, regardless of any license(s) under member accounts. This feature is ideal for Large Enterprises and Fully Managed MSSPs, allowing them to manage applications and permissions effectively through sub-member accounts.

API Key

The FortiAppSec Cloud RESTful API requires API key authorization. You can generate the API key directly from the GUI. Note that API key creation is not restricted to users with write permission; read-only users can also create an API key.

Please note, the API key’s permissions are bound to the user who created it.

For API documentation, see the FortiAppSec Cloud RESTful API Reference.

Generating API Key
  1. Log in to your FortiAppSec Cloud account through the Web UI.
  2. Go to General > Settings.
  3. Scroll down to API Key.
  4. Click Create. This will generate an API key ID and API key secret.

You only have one chance to view the API key secret, so make sure you save it in a secure location. The key secret is not stored on the back-end server.

In the API Key table, you can see the API key ID, creation and last usage timestamps, as well as its active or deactivated status. If you encounter any security issues with the key, you have the option to deactivate it. Please note that if your API Key is leaked, we might deactivate it as a precautionary measure. Each user is limited to creating only one API key at a time. If needed, you can delete an existing API key before generating a new one.

When using this API key, add it to the HTTP authentication header as below:

authentication: Basic <api-key-secret>

Please note that exceeding the limit of failed attempts (3 times) results in a 30-minute cool-down period for further requests. Failed attempts can accumulate in the following four scenarios:

  1. The corresponding user cannot be found on FortiCloud.
  2. The API key is illegal.
  3. The account does not have any valid licenses.
  4. The API key is deactivated.

We have implemented rate limiting, allowing a maximum of 200 requests per minute. This limit applies to both IP addresses and API keys.
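
The limits described above (three failed attempts before a 30-minute cool-down, and 200 requests per minute) can be mirrored on the client side so that an automated job holding a bad or deactivated key stops sending requests instead of repeatedly extending its own lockout. The following is an added example, not FortiAppSec Cloud code: the send(path, headers) transport, the class names, and the use of HTTP 401/403 as the failure signal are assumptions.

```python
import time
from collections import deque

MAX_PER_MINUTE = 200          # page: at most 200 requests per minute
MAX_AUTH_FAILURES = 3         # page: limit of failed attempts
COOLDOWN_SECONDS = 30 * 60    # page: 30-minute cool-down
AUTH_FAILURE_STATUSES = {401, 403}  # assumption: the page names no status codes


class CooldownActive(RuntimeError):
    """Raised locally instead of sending a request during the cool-down."""


class ApiKeyGuard:
    def __init__(self, send, api_key_secret, clock=time.monotonic, sleep=time.sleep):
        self._send = send  # hypothetical transport: send(path, headers) -> HTTP status
        self._headers = {"authentication": f"Basic {api_key_secret}"}  # header as on the page
        self._clock, self._sleep = clock, sleep
        self._sent = deque()          # send times within the last 60 seconds
        self._failures = 0            # never cleared by a success (conservative:
        self._blocked_until = 0.0     # the page does not say when failures expire)

    def _throttle(self):
        """Wait until one more request fits in the sliding 60-second window."""
        while True:
            now = self._clock()
            while self._sent and now - self._sent[0] >= 60:
                self._sent.popleft()
            if len(self._sent) < MAX_PER_MINUTE:
                break
            self._sleep(60 - (now - self._sent[0]))
        self._sent.append(now)

    def request(self, path):
        """Send one request and return its status; refuse during a cool-down."""
        if self._clock() < self._blocked_until:
            raise CooldownActive("auth failures reached the limit; not sending")
        self._throttle()
        status = self._send(path, dict(self._headers))
        if status in AUTH_FAILURE_STATUSES:
            self._failures += 1
            if self._failures >= MAX_AUTH_FAILURES:
                self._blocked_until = self._clock() + COOLDOWN_SECONDS
                self._failures = 0
        return status
```

Because the rate limit also applies per IP address, several jobs sharing one egress address need a shared guard rather than one instance each.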
