- Integration points
- Event Types
- GitHub API Integration
- Configuring GitHub Server
- Configuring FortiSIEM
|Protocol|Information collected|Used for|
|---|---|---|
|GitHub API|Logs from the GitHub Service|Security and Compliance|
In ADMIN > Device Support > Event, search for "GitHub" to see the event types associated with this device.
In RESOURCE > Rules, search for "GitHub" to see the rules associated with this device.
In RESOURCE > Reports, search for "GitHub" to see the reports associated with this device.
Configuring GitHub Server
Create an account to be used for FortiSIEM communication.
Use the account from the previous step to enable FortiSIEM access.
- Log in to FortiSIEM.
- Go to ADMIN > Setup > Credential.
- Click New to create a GitHub credential.
- In Step 1: Enter Credentials, enter these settings in the Access Method Definition dialog box:
|Setting|Value|
|---|---|
|Name|Enter a name for the credential|
|Device Type|GitHub.com GitHub|
|Access Protocol|GitHub API|
|Pull Interval|The interval in which FortiSIEM will pull events. Default is 5 minutes.|
|Password Config|See Password Configuration|
|User Name and Password|Enter the user name and password for the account created while Configuring GitHub Server.|
|Organization|Choose the Organization if it is an MSP deployment and the same credential has to be used for multiple customers.|
|Description|Description of the device|
- Enter an IP Range to Credential Association.
- Set IP to the IP address of the GitHub Server.
- Select the Credential created in steps 3 and 4.
- Click Save.
- Select the entry in step 4 above and click Test Connectivity.
- After Test Connectivity succeeds, an entry will be created in ADMIN > Setup > Pull Events corresponding to this event pulling job. FortiSIEM will start to pull events from the GitHub server using the API.
To test for received GitHub events:
- Go to ADMIN > Setup > Pull Events.
- Select the GitHub entry and click Report.
The system will take you to the Analytics tab and run a query to display the events received from GitHub in the last 15 minutes. You can modify the time interval to get more events.