Fabric Integration Configuration

Overview

As part of the Fortinet Security Fabric, FortiCASB security alerts and logs can be shared with FortiAnalyzer to leverage SaaS security context.

FortiAnalyzer is a centralized security analytics platform that provides a bird's-eye view of all Fortinet Security Fabric products.

The purpose of Fabric Integration is to let other Fortinet Security Fabric products, such as FortiGate and FortiClient, access FortiCASB's SaaS security alerts and provide more oversight.

Fabric Integration Procedures

FortiAnalyzer will be configured and added on FortiCASB to initiate fabric integration.

Follow these configuration guides to add and configure FortiAnalyzer on FortiCASB:

  1. Add FortiAnalyzer on FortiCASB
  2. Authorize FortiCASB on FortiAnalyzer

View FortiCASB Security Alerts on FortiAnalyzer

After FortiAnalyzer is configured and added on FortiCASB, FortiCASB will be recognized as a Syslog device.

When Data Analysis alerts are sent to FortiAnalyzer, they will be displayed as Syslog messages.

In FortiAnalyzer, Syslog messages can be viewed in Log View > Syslog.

The Syslog details contain alert details sent from FortiCASB.

FortiCASB Syslog Message Variables Specifications:

| Variable Name | Description |
| --- | --- |
| type | The type of alert sent from FortiCASB: Data Analysis, Threat Protection, or Compliance. |
| subtype (optional) | The Data Analysis policy's Data Pattern Category: Personal Identity Information, Financial Information, or Malware. |
| devid | The serial number of the FortiCASB product from which the alert originated. |
| sessionid | The alert ID of the FortiCASB security alert sent. |
| eventtype | A static variable that always shows "FORTICASB-FINDING". |
| tz | The time zone of the alert sent. |
| docsource | The cloud application where the security alert is triggered, e.g. Salesforce, Office 365, Box, Dropbox, Google Workspace, etc. |
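
A pipeline that forwards these Syslog records to another tool can check each one against the variable table before trusting it. The sketch below is an added example, not Fortinet code: it assumes the variables arrive as key=value pairs with optionally double-quoted values (a wire format this page does not specify), and the sample messages, serial number and alert IDs are constructed placeholders.

```python
import shlex

# Allowed values come from the variable table on this page.
ALERT_TYPES = {"Data Analysis", "Threat Protection", "Compliance"}
SUBTYPES = {"Personal Identity Information", "Financial Information", "Malware"}
REQUIRED = ("type", "devid", "sessionid", "eventtype", "tz", "docsource")


def parse_kv(body):
    """Parse an ASSUMED key=value body (values may be double-quoted) into a dict."""
    try:
        tokens = shlex.split(body)
    except ValueError:  # unbalanced quote: treat the record as unparseable
        return None
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep and key:
            fields[key] = value
    return fields


def check_alert(body):
    """Return (fields, problems); an empty problems list means the record fits the table."""
    fields = parse_kv(body)
    if fields is None:
        return {}, ["unparseable message"]
    problems = [f"missing {name}" for name in REQUIRED if not fields.get(name)]
    if fields.get("eventtype") and fields["eventtype"] != "FORTICASB-FINDING":
        problems.append("eventtype is not FORTICASB-FINDING")
    if fields.get("type") and fields["type"] not in ALERT_TYPES:
        problems.append("unknown type")
    # subtype is optional, but when present it must be a listed Data Pattern Category
    if "subtype" in fields and fields["subtype"] not in SUBTYPES:
        problems.append("unknown subtype")
    return fields, problems


# Constructed sample messages (placeholder serial number and alert IDs).
GOOD = ('type="Data Analysis" subtype="Financial Information" devid=FCASB-EXAMPLE-0001 '
        'sessionid=1001 eventtype=FORTICASB-FINDING tz="+0000" docsource=Salesforce')
BAD = 'type="Data Analysis" devid=FCASB-EXAMPLE-0001 sessionid=1002 eventtype=OTHER tz="+0000"'

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        fields, problems = check_alert(sample)
        print(fields.get("sessionid"), problems or "ok")
```

Records that fail the check are better routed to a review queue than dropped, so a format change on the sender side shows up as a spike in rejects rather than as silent alert loss.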
