Fortinet FortiDeceptor
Integration Points
Method | Information discovered | Metrics collected | Logs collected | Used for
Syslog | Host name, Reporting IP | None | Authentication logs, Decoy activity | Security monitoring
Event Types
In ADMIN > Device Support > Event, search for "FortiDeceptor" to see the event types associated with this device.
Rules
No specific rules are written for FortiDeceptor.
Reports
No specific reports are written for FortiDeceptor.
Configuration
Configure the FortiDeceptor system to send logs to FortiSIEM in the supported format (see Sample Events).
Settings for Access Credentials
None required.
Sample Events
<27>2019-07-29T10:12:44 devhost=FDC-VM0000000262 devid=FDC-VM0000000262 logver=25 tzone=14400 tz=GST date=2019-07-29 time=10:12:44 logid=0106000001 type=event subtype=system level=error user=system ui=GUI action=update status=failure msg="The authentication to FDN server failed"
<14>2019-07-29T10:40:34 devhost=FDC-VM0000000262 devid=FDC-VM0000000262 logver=25 tzone=14400 tz=GST date=2019-07-29 time=10:40:34 logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Login status=success msg="Administrator admin logged into website successfully from 10.0.0.254"
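
The parser below is an added example, not part of the original documentation or of FortiSIEM: it checks that a received line matches the format shown in Sample Events, decodes the syslog PRI, and extracts successful administrator logins. The function names and the login-message pattern are assumptions derived from the two sample events on this page.

```python
import re

# Constructed input: the page's two Sample Events, one event per line.
SAMPLES = [
    '<27>2019-07-29T10:12:44 devhost=FDC-VM0000000262 devid=FDC-VM0000000262 '
    'logver=25 tzone=14400 tz=GST date=2019-07-29 time=10:12:44 logid=0106000001 '
    'type=event subtype=system level=error user=system ui=GUI action=update '
    'status=failure msg="The authentication to FDN server failed"',
    '<14>2019-07-29T10:40:34 devhost=FDC-VM0000000262 devid=FDC-VM0000000262 '
    'logver=25 tzone=14400 tz=GST date=2019-07-29 time=10:40:34 logid=0106000001 '
    'type=event subtype=system level=information user=admin ui=GUI action=Login '
    'status=success msg="Administrator admin logged into website successfully '
    'from 10.0.0.254"',
]

HEADER = re.compile(r'^<(\d{1,3})>(\d{4}-\d{2}-\d{2})T(\d{2}:\d{2}:\d{2}) (.+)$')
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')  # key=value or key="quoted value"
SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "informational", "debug"]
# Assumption: login messages follow the wording of the second sample event.
LOGIN_MSG = re.compile(r'^Administrator (\S+) logged into website successfully from (\S+)$')

def parse_event(line):
    """Split one event into its syslog PRI parts and key=value fields."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("line does not start with <PRI>YYYY-MM-DDTHH:MM:SS")
    pri, date, time, body = int(m.group(1)), m.group(2), m.group(3), m.group(4)
    fields = {k: (q if q else v) for k, q, v in PAIR.findall(body)}
    # The header timestamp and the date=/time= fields must agree.
    if (fields.get("date"), fields.get("time")) != (date, time):
        raise ValueError("header timestamp disagrees with date=/time= fields")
    return {"facility": pri >> 3, "severity": SEVERITY[pri & 7],
            "timestamp": f"{date}T{time}", "fields": fields}

def admin_logins(lines):
    """Return (device, admin, source) for each successful login event."""
    hits = []
    for line in lines:
        f = parse_event(line)["fields"]
        m = LOGIN_MSG.match(f.get("msg", ""))
        if f.get("action") == "Login" and f.get("status") == "success" and m:
            hits.append((f.get("devhost"), m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_event(s))
    print(admin_logins(SAMPLES))
```
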