AWS Cloud Security Integration

FortiCWP provides an AWS cloud integration that ingests AWS cloud security traffic data and provides real-time cloud security monitoring. FortiCWP receives security alerts from the AWS security integration and informs users of the probe findings.

Prerequisite

To enable AWS cloud integration with FortiCWP, Amazon Inspector, Amazon GuardDuty, and AWS Security Hub must be enabled so that FortiCWP can gather cloud security traffic data through the AWS API services. Follow these steps to enable Amazon Inspector, Amazon GuardDuty, and AWS Security Hub in AWS.

Enable Amazon Inspector:

Enabling Amazon Inspector requires an administrator, or a user with the specific role/policy.

To check the credentials, follow these steps:

  1. Log in to the AWS console with your AWS account: https://console.aws.amazon.com/.
  2. Search for and click IAM.
  3. Click Roles in the left menu.
  4. Search for "Inspector" and click AWSServiceRoleForAmazonInspector.
  5. Make sure AmazonInspectorServiceRolePolicy is listed under Permissions.
  6. If it is not, contact your administrator to have the role/policy assigned to the user.

Once the user has the Amazon Inspector role/policy, log in to Inspector to enable it.
  1. Search for and click Inspector from the AWS Console page.
  2. Select the region you would like to monitor in the top right corner.
  3. Click Get Started.
  4. Click the Run Weekly (recommended) button, with Network Assessments and Host Assessments selected.
  5. Click OK when asked for confirmation.
  6. Amazon Inspector is now enabled. It will produce a detailed list of security findings organized by severity level.

Enable Amazon Guard Duty:

Enabling Amazon GuardDuty requires an administrator, or a user with the specific role/policy. To check the credentials, follow these steps:
  1. Log in to the AWS console with your AWS account: https://console.aws.amazon.com/.
  2. Search for and click IAM.
  3. Click Roles in the left menu.
  4. Search for "GuardDuty" and click AWSServiceRoleForAmazonGuardDuty.
  5. Make sure AmazonGuardDutyServiceRolePolicy is listed under Permissions.
  6. If it is not, contact your administrator to have the role/policy assigned to the user.

Once the user has the Amazon GuardDuty role/policy, log in to GuardDuty to enable it.
  1. Search for and click GuardDuty from the AWS Services menu.
  2. Select the region to monitor in the top right corner.
  3. Choose Get Started, and then click Enable GuardDuty.
  4. GuardDuty is now enabled. It will start pulling streams of data from AWS CloudTrail, VPC Flow Logs, and DNS logs to generate security findings.

Enable AWS Security Hub:

Enabling AWS Security Hub requires an administrator, or a user with the specific role/policy.

To check the credentials, follow these steps:

  1. Log in to the AWS console with your AWS account: https://console.aws.amazon.com/.
  2. Search for and click IAM.
  3. Click Roles in the left menu.
  4. Search for "Security Hub" and click AWSServiceRoleForSecurityHub.
  5. Make sure AWSSecurityHubServiceRolePolicy is listed under Permissions.
  6. If it is not, contact your administrator to have the role/policy assigned to the user.

Once the user has the AWS Security Hub role/policy, log in to Security Hub to enable it.
  1. Search for and click Security Hub from the AWS Services menu.
  2. Click Enable Security Hub.
  3. On the service permissions page, click Enable Security Hub.
  4. After Security Hub is enabled, it begins consuming, aggregating, organizing, and prioritizing findings from AWS services.

Create a customized policy to add to the FortiCWP role
  1. In the AWS portal, click the Services drop-down menu and select IAM.
  2. Click Policies in the left menu.
  3. Click Create Policy.
  4. Under Visual Editor, click Service > Choose a service to show the search bar.
  5. Search for GuardDuty and check "All GuardDuty actions".
  6. For the warning that appears, click Resources and check "All resources".
  7. Click +Add additional permissions and repeat the steps above to add Inspector and SecurityHub.
  8. Click Review policy.
  9. Fill in the policy name field (keep the policy name for later use).
  10. Click Create policy.

Add the policy to the FortiCWP role
  1. Select Roles from the IAM dashboard.
  2. Search for and click the role created for FortiCWP during Role Creation.
  3. Click Attach policies.
  4. Search for and check the customized policy created earlier.
  5. Click Attach policy.
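The visual-editor steps above produce a policy that allows all GuardDuty, Inspector, and SecurityHub actions on all resources. The following added example (not Fortinet's code) builds that policy document and audits a policy pulled back from IAM, reporting any of the three services that are missing and any Allow statements broader than those three services:

```python
"""Build and audit the customized IAM policy for the FortiCWP role.

Added example, not Fortinet's or AWS's code. build_forticwp_policy() reproduces
the document the console's visual editor generates for "All GuardDuty /
Inspector / SecurityHub actions" on "All resources". audit_policy() checks a
policy document (for example the JSON returned by the IAM GetPolicyVersion API)
against that expectation.
"""
import json

# The three services the page's steps add, in the order they are added.
REQUIRED_SERVICES = ("guardduty", "inspector", "securityhub")


def build_forticwp_policy() -> dict:
    """Policy document equivalent to the visual-editor steps on this page."""
    statements = [
        {
            "Sid": "FortiCWP" + svc.capitalize(),  # Sid is an assumed label
            "Effect": "Allow",
            "Action": svc + ":*",  # "All <service> actions"
            "Resource": "*",       # "All resources"
        }
        for svc in REQUIRED_SERVICES
    ]
    return {"Version": "2012-10-17", "Statement": statements}


def _as_list(value):
    # IAM allows a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]


def audit_policy(doc: dict) -> dict:
    """Return the required services not granted ('missing') and any Allow
    actions outside the three services, including a bare '*' ('overbroad')."""
    covered, overbroad = set(), []
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            service = action.partition(":")[0].lower()
            if service in REQUIRED_SERVICES:
                covered.add(service)
            else:
                overbroad.append(action)
    missing = [s for s in REQUIRED_SERVICES if s not in covered]
    return {"missing": missing, "overbroad": overbroad,
            "ok": not missing and not overbroad}


if __name__ == "__main__":
    policy = build_forticwp_policy()
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy))  # all three covered, nothing over-broad
```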

FortiCWP is now able to extract security findings from AWS Security Hub and integrate them into FortiCWP Alert.

Viewing AWS Cloud Security Findings in Alert

After Amazon Inspector, Amazon GuardDuty, and AWS Security Hub are enabled, FortiCWP provides real-time cloud security monitoring and displays any findings in Alert. For more details, see Alert.