Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 26.2.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiCNAPP Administration Guide
    26.2.0
    26.2.0

    Sumo Logic alert channel

    Sumo Logic alert channel

    A FortiCNAPP Amazon CloudWatch alert channel can forward FortiCNAPP alerts through CloudWatch. You can define a rule to send alerts to a specified target using Amazon SNS (Simple Notification Service), and subscribe a Sumo Logic custom app endpoint to the SNS topic. FortiCNAPP alerts are sent using SNS subscription to your Sumo Logic custom app endpoint where you can view alert data in Sumo Logic.

    Creating a FortiCNAPP alert channel

    Configure a FortiCNAPP alert channel with Amazon CloudWatch.

    Setting up an SNS topic

    To set up an SNS topic:
    1. In the AWS Console, navigate to SNS, and select Topics.
    2. Click Create new topic and provide a Topic name and Display name.
    3. In AWS, navigate to CloudWatch.
    4. Under Events > Rules, select the rule you created with the Amazon CloudWatch integration.
    5. In the top right, select Actions > Edit to bring up the rule and target page. On the left, you should see the custom event pattern you configured when setting up CloudWatch. On the right, you should see where you can configure your targets.
    6. Select Add target.
    7. In the Target dropdown, select SNS topic.
    8. In the Topic dropdown, select the SNS topic you configured to receive FortiCNAPP events.
    9. (Optional) Under Configure input, select Part of the matched event and input the following: $.detail

    Configuring a Sumo Logic HTTP endpoint

    To configure a Sumo Logic HTTP endpoint:
    1. In Sumo Logic, navigate to Manage Data > Collection.
    2. In the top right, click Add Collector.
    3. Select Hosted Collector.
    4. Provide a name, for example, HTTP, and optional description, category, and time zone. Click Save to create your collector.
    5. Add a data source to your collector by proceeding or clicking Add source.
    6. Under Cloud APIs, select HTTP Logs & Metrics.
    7. Provide a name for your source as well as optional configuration. For additional information about configuring a source and options, see Add a Source in the Sumo Logic documentation.
    8. Click Save.

    This generates an HTTP source address. This address is the endpoint you subscribe to the previously configured SNS topic.

    Subscribing a Sumo Logic HTTP endpoint to SNS topic

    To subscribe a Sumo Logic HTTP endpoint to SNS topic:
    1. In the AWS Console, navigate to SNS, and select Topics.
    2. Go into the SNS topic by clicking the ARN of the topic that was created in the previous procedure.
    3. Under Subscriptions, click Create subscription.
      1. The Topic ARN should be populated with the ARN of your SNS topic.
      2. For protocol, select HTTPS.
      3. For endpoint, input the HTTP source address url generated when creating your Sumo Logic HTTP endpoint.
    4. This initializes the configuration for Lacework events to be sent through CloudWatch to the SNS topic subscribed to by the Sumo Logic HTTP endpoint. Upon subscription, complete the verification by navigating to an event sent into Sumo Logic and clicking the URL to confirm subscription.

    Configuring SNS to send raw message delivery

    To configure SNS to send raw message delivery:
    1. In AWS > SNS, click into the ARN to select your topic.
    2. Under Subscriptions, click Other subscription actions and select Edit subscription attributes.
    3. Select the raw message delivery checkbox and click Set subscription attributes.
    Previous
    Next

    Sumo Logic alert channel

    Sumo Logic alert channel

    A FortiCNAPP Amazon CloudWatch alert channel can forward FortiCNAPP alerts through CloudWatch. You can define a rule to send alerts to a specified target using Amazon SNS (Simple Notification Service), and subscribe a Sumo Logic custom app endpoint to the SNS topic. FortiCNAPP alerts are sent using SNS subscription to your Sumo Logic custom app endpoint where you can view alert data in Sumo Logic.

    Creating a FortiCNAPP alert channel

    Configure a FortiCNAPP alert channel with Amazon CloudWatch.

    Setting up an SNS topic

    To set up an SNS topic:
    1. In the AWS Console, navigate to SNS, and select Topics.
    2. Click Create new topic and provide a Topic name and Display name.
    3. In AWS, navigate to CloudWatch.
    4. Under Events > Rules, select the rule you created with the Amazon CloudWatch integration.
    5. In the top right, select Actions > Edit to bring up the rule and target page. On the left, you should see the custom event pattern you configured when setting up CloudWatch. On the right, you should see where you can configure your targets.
    6. Select Add target.
    7. In the Target dropdown, select SNS topic.
    8. In the Topic dropdown, select the SNS topic you configured to receive FortiCNAPP events.
    9. (Optional) Under Configure input, select Part of the matched event and input the following: $.detail

    Configuring a Sumo Logic HTTP endpoint

    To configure a Sumo Logic HTTP endpoint:
    1. In Sumo Logic, navigate to Manage Data > Collection.
    2. In the top right, click Add Collector.
    3. Select Hosted Collector.
    4. Provide a name, for example, HTTP, and optional description, category, and time zone. Click Save to create your collector.
    5. Add a data source to your collector by proceeding or clicking Add source.
    6. Under Cloud APIs, select HTTP Logs & Metrics.
    7. Provide a name for your source as well as optional configuration. For additional information about configuring a source and options, see Add a Source in the Sumo Logic documentation.
    8. Click Save.

    This generates an HTTP source address. This address is the endpoint you subscribe to the previously configured SNS topic.

    Subscribing a Sumo Logic HTTP endpoint to SNS topic

    To subscribe a Sumo Logic HTTP endpoint to SNS topic:
    1. In the AWS Console, navigate to SNS, and select Topics.
    2. Go into the SNS topic by clicking the ARN of the topic that was created in the previous procedure.
    3. Under Subscriptions, click Create subscription.
      1. The Topic ARN should be populated with the ARN of your SNS topic.
      2. For protocol, select HTTPS.
      3. For endpoint, input the HTTP source address url generated when creating your Sumo Logic HTTP endpoint.
    4. This initializes the configuration for Lacework events to be sent through CloudWatch to the SNS topic subscribed to by the Sumo Logic HTTP endpoint. Upon subscription, complete the verification by navigating to an event sent into Sumo Logic and clicking the URL to confirm subscription.

    Configuring SNS to send raw message delivery

    To configure SNS to send raw message delivery:
    1. In AWS > SNS, click into the ARN to select your topic.
    2. Under Subscriptions, click Other subscription actions and select Edit subscription attributes.
    3. Select the raw message delivery checkbox and click Set subscription attributes.
    Previous
    Next