Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 5.3.0 External Systems Configuration Guide
    5.3.0
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    AWS EC2 CloudWatch API

    AWS EC2 CloudWatch API

    What is Discovered and Monitored

    Protocol Information Discovered Metrics Collected Used For
    CloudWatch API
    • Machine name
    • Internal Access IP
    • Instance ID
    • Image ID
    • Availability Zone
    • Instance Type
    • Volume ID
    • Status
    • Attach Time
    • CPU Utilization
    • Received Bits/sec
    • Sent Bits/sec
    • Disk reads (Instance Store)
    • Disk writes (Instance Store)
    • Disk reads/sec (Instance Store)
    • Disk writes/sec (Instance Store)
    • Packet loss
    • Read Bytes (EBS)
    • Write Bytes (EBS)
    • Read Ops (EBS)
    • Write Ops (EBS)
    • Disk Queue (EBS)
    		 Performance Monitoring

    Event Types

    • PH_DEV_MON_EBS_METRIC captures EBS metrics

    Configuration

    If you have not already configured Access Keys and permissions in AWS, please follow the steps outlined in AWS Access Key IAM Permissions and IAM Policies.

    You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide. You should also be sure to read the topic Discovering Amazon Web Services (AWS) Infrastructure.

    Settings for Access Credentials

    Use these Access Method Definition settings to allow FortiSIEM to access AWS CloudWatch.

    SettingValue
    Nameec2
    Device TypeAmazon AWS CloudWatch
    Access ProtocolAWS CloudWatch
    RegionThe region in which your AWS instance is located
    AWS AccountThe name of your AWS account.
    Log Group NameName of the log group.
    Log Stream NameName of the log stream.
    Password ConfigSee Password Configuration.
    Access Key IDThe access key for your EC2 instance
    Secret KeyThe secret key for your EC2 instance

    Sample events

    [PH_DEV_MON_EC2_METRIC]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,
    [lineNumber]=6571,[hostName]=ec2-54-81-216-218.compute-1.amazonaws.com,[hostIpAddr]=10.144.18.131,[cpuUtil]=0.334000,[diskReadKBytesPerSec]=0.000000,[diskWriteKBytesPerSec]=0.000000,[diskReadReqPerSec]=0.000000,[diskWriteReqPerSec]=0.000000,[sentBytes]=131,[recvBytes]=165,[sentBitsPerSec]=17.493333,[recvBitsPerSec]=22.026667,[phLogDetail]=
    [PH_DEV_MON_EBS_METRIC]:[eventSeverity]=PHL_INFO,[fileName]=deviceAws.cpp,
    [lineNumber]=133,[hostName]=ec2-52-69-215-178.ap-northeast-1.compute.amazonaws.com,[hostIpAddr]=172.30.0.50,[diskName]=/dev/sda1,[volumeId]=vol-63287d9f,[diskReadKBytesPerSec]=7.395556,[diskWriteKBytesPerSec]=7.395556,[ioReadsPerSec]=0.000000,[ioWritesPerSec]=0.010000,[diskQLen]=0,[phLogDetail]=
    Previous
    Next

    AWS EC2 CloudWatch API

    AWS EC2 CloudWatch API

    What is Discovered and Monitored

    Protocol Information Discovered Metrics Collected Used For
    CloudWatch API
    • Machine name
    • Internal Access IP
    • Instance ID
    • Image ID
    • Availability Zone
    • Instance Type
    • Volume ID
    • Status
    • Attach Time
    • CPU Utilization
    • Received Bits/sec
    • Sent Bits/sec
    • Disk reads (Instance Store)
    • Disk writes (Instance Store)
    • Disk reads/sec (Instance Store)
    • Disk writes/sec (Instance Store)
    • Packet loss
    • Read Bytes (EBS)
    • Write Bytes (EBS)
    • Read Ops (EBS)
    • Write Ops (EBS)
    • Disk Queue (EBS)
    		 Performance Monitoring

    Event Types

    • PH_DEV_MON_EBS_METRIC captures EBS metrics

    Configuration

    If you have not already configured Access Keys and permissions in AWS, please follow the steps outlined in AWS Access Key IAM Permissions and IAM Policies.

    You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide. You should also be sure to read the topic Discovering Amazon Web Services (AWS) Infrastructure.

    Settings for Access Credentials

    Use these Access Method Definition settings to allow FortiSIEM to access AWS CloudWatch.

    SettingValue
    Nameec2
    Device TypeAmazon AWS CloudWatch
    Access ProtocolAWS CloudWatch
    RegionThe region in which your AWS instance is located
    AWS AccountThe name of your AWS account.
    Log Group NameName of the log group.
    Log Stream NameName of the log stream.
    Password ConfigSee Password Configuration.
    Access Key IDThe access key for your EC2 instance
    Secret KeyThe secret key for your EC2 instance

    Sample events

    [PH_DEV_MON_EC2_METRIC]:[eventSeverity]=PHL_INFO,[fileName]=phPerfJob.cpp,
    [lineNumber]=6571,[hostName]=ec2-54-81-216-218.compute-1.amazonaws.com,[hostIpAddr]=10.144.18.131,[cpuUtil]=0.334000,[diskReadKBytesPerSec]=0.000000,[diskWriteKBytesPerSec]=0.000000,[diskReadReqPerSec]=0.000000,[diskWriteReqPerSec]=0.000000,[sentBytes]=131,[recvBytes]=165,[sentBitsPerSec]=17.493333,[recvBitsPerSec]=22.026667,[phLogDetail]=
    [PH_DEV_MON_EBS_METRIC]:[eventSeverity]=PHL_INFO,[fileName]=deviceAws.cpp,
    [lineNumber]=133,[hostName]=ec2-52-69-215-178.ap-northeast-1.compute.amazonaws.com,[hostIpAddr]=172.30.0.50,[diskName]=/dev/sda1,[volumeId]=vol-63287d9f,[diskReadKBytesPerSec]=7.395556,[diskWriteKBytesPerSec]=7.395556,[ioReadsPerSec]=0.000000,[ioWritesPerSec]=0.010000,[diskQLen]=0,[phLogDetail]=
    Previous
    Next