FortiSIEM Integration Guide

Overview

The information in this document provides guidance for configuring the XXXX device to be managed by FortiNAC. This document details the items that must be configured.

Note: This document provides as much information as possible about integrating this device with FortiNAC. However, the hardware vendor may have modified the device’s firmware in ways that invalidate portions of this document. If you have problems configuring the device, contact the vendor for additional support.

Tip: For hyperlinks referencing other documentation, right-click the link and select Open in New Tab.

What it Does

FortiSIEM generates incidents when logs are received that match rules configured in the system. These logs can be from any supported device. When an incident is generated, FortiSIEM can forward the incident details to FortiNAC for enforcement.

FortiNAC parses the incident received from FortiSIEM, and uses the parsed data to generate a security event. These security events can then be used by FortiNAC to trigger an automated or manual action, such as a device quarantine.

In return, FortiNAC can send logs back to FortiSIEM via Syslog. These can be parsed by FortiSIEM and stored along with other events for inclusion in dashboards, reports, analytics and rules.

This flexible integration allows FortiSIEM and FortiNAC to work together to act on events from across the network.
