
User Guide

FortiNDR Cloud Integrations

FortiNDR Cloud natively supports integrations with multiple security tools and intelligence feeds. It also provides an open framework for creating custom integrations.

The following integrations are currently supported:

| Category | Integration | Supported Version/Notes |
|---|---|---|
| Deception | FortiDeceptor | Requires Automation Service |
| SIEM | CrowdStrike | Tested with Parser 1.0.2 |
| SIEM | FortiSIEM | 7.1.0 or higher |
| SIEM | Microsoft Sentinel | Integration supported via API-based ingestion. |
| SIEM | QRadar | IBM QRadar SIEM version 7.3.3 or higher |
| SIEM | Splunk | Splunk Cloud versions: 9.3, 9.2, 9.1 |
| SOAR | Cortex-XSOAR | Tested on: 6.6 |
| SOAR | FortiSOAR | Tested on: 7.3.2-2150 |
| SOAR | Splunk SOAR | 7.3.2-2150 or higher |
| EDR / Firewall | FortiEDR | Manager 6.2.0 or higher; Collector 5.2.0 or higher |
| EDR / Firewall | FortiClientEMS | Requires Automation Service |
| EDR / Firewall | FortiManager | 7.4.2 or higher |
| EDR / Firewall | FortiGate | 7.4.2 or higher |
| EDR / Firewall | CrowdStrike EDR | Requires latest Falcon EDR APIs |
| EDR / Firewall | SentinelOne | Requires Automation Service |
| Intelligence Feeds | CrowdStrike Falcon Intel | License required |
| Intelligence Feeds | Fortinet Botnet IP List | Included with FortiNDR Cloud |
| Intelligence Feeds | Internet Scan Data B (Shodan) | Included with FortiNDR Cloud |
| Intelligence Feeds | Known Sinkholes | Included with FortiNDR Cloud |
| Intelligence Feeds | PhishTank | Included with FortiNDR Cloud |
| Intelligence Feeds | Proofpoint TAP | License required |
| Intelligence Feeds | Recorded Future connect | License required |
| Intelligence Feeds | Threat Connect | License required |
| Intelligence Feeds | Tor Nodes | Included with FortiNDR Cloud |
| Intelligence Feeds | URLHaus | Included with FortiNDR Cloud |
| Other | Endace | 7.2.2 or higher |
| Other | ERSPAN | Type II and Type III |
| Other | Netskope | Integration via Cloud TAP Stitcher. |
| Other | Netflow | NetFlow v5, v9, IPFIX and UDP/6343 (sFlow) |
| Other | Zscaler | Integration supported through NSS for traffic and threat logs. |

For additional integrations, the SIEM/SOAR integration guide contains details for integrating with other tools. See the SIEM and SOAR Integration Guide.

For network data ingestion, FortiNDR Cloud supports hardware sensors as well as virtual sensors on various platforms, including AWS and ESXi.

FortiNDR Cloud also supports ingesting NSS log data from Zscaler. See Zscaler ingestion.

Automated integration response

Automated integration response modules are available for FortiEDR and CrowdStrike Falcon EDR. Only a single integration can be set to Auto-Remediate at a time; others may be configured, but must be set up to respond manually.
