Fortinet Document Library


External Systems Configuration Guide

Nozomi

What is Discovered and Monitored

| Protocol | Information discovered | Metrics collected | Used for |
|---|---|---|---|
| Syslog | Device type | Node detection, protocol information, network changes | Security and Compliance |

Event Types

In ADMIN > Device Support > Event, search for "Nozomi" in the Name and Description columns to see the event types associated with this device.

Rules

There are no specific rules for Nozomi; however, rules that match the Event Type Groups associated with Nozomi events may trigger.

Reports

There are no specific reports for Nozomi; however, reports that match the Event Type Groups associated with Nozomi events may return results.

Configuring Syslog on Nozomi

  1. Log in to the Guardian console.
  2. Navigate to Administration > Data Integration.
  3. Press +Add on the right side of the screen.
  4. Select Common Event Format (CEF) from the drop-down list.
  5. You should see the data entry screen.
  6. Enter the appropriate host information. For example, udp://<FortiSIEM IP>:514.
  7. Select Enable sending Alerts and/or Enable sending Audit Logs and/or Enable sending Health Logs.
  8. Press New Endpoint.
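
To confirm that the endpoint configured above delivers well-formed CEF, lines captured on the receiving side can be parsed and checked. The following is an added example, not Fortinet or Nozomi code; the function names are hypothetical, and the vendor, product, event and field values in the sample lines are constructed placeholders.

```python
import re

# CEF header: CEF:Version|Vendor|Product|DeviceVersion|EventClassID|Name|Severity|Extension
HEADER = ("cef_version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")
_FIELD = r"((?:[^|\\]|\\.)*)"  # one header field: no bare '|', backslash escapes allowed
_CEF = re.compile(r"CEF:" + r"\|".join([_FIELD] * len(HEADER)) + r"(?:\|(.*))?$", re.S)
_KEY = re.compile(r"(?:^|\s)([\w.\-]+)=")  # extension key at start or after whitespace

def parse_extension(ext):
    """Parse key=value pairs; values may contain spaces and escaped '='."""
    out, hits = {}, list(_KEY.finditer(ext))
    for m, nxt in zip(hits, hits[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)]
        out[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw).strip()
    return out

def parse_cef(line):
    """Parse one received syslog line; raise ValueError if the CEF header is incomplete."""
    m = _CEF.search(line)
    if m is None:
        raise ValueError("no complete CEF header")
    fields = [re.sub(r"\\([|\\])", r"\1", f) for f in m.groups()[:len(HEADER)]]
    return {**dict(zip(HEADER, fields)), "extension": parse_extension(m.group(8) or "")}

def triage(lines):
    """Split a batch into (parsed_events, rejected_lines)."""
    ok, bad = [], []
    for line in lines:
        try:
            ok.append(parse_cef(line))
        except ValueError:
            bad.append(line)
    return ok, bad

# Constructed sample input; vendor, product and all field values are placeholders.
SAMPLES = [
    r"<134>Jan  1 00:00:00 guardian.example CEF:0|ExampleVendor|ExampleProduct|1.0|"
    r"EX:NEW-NODE|New node \| link seen|5|src=192.0.2.10 dst=192.0.2.20 msg=seen on net\=ot",
    "<134>Jan  1 00:00:00 guardian.example plain syslog text, not CEF",
    "<134>Jan  1 00:00:00 guardian.example CEF:0|ExampleVendor|ExampleProduct",
]

if __name__ == "__main__":
    events, rejected = triage(SAMPLES)
    print(len(events), "parsed;", len(rejected), "rejected")
```

Rejected lines are worth reviewing: a truncated header or a non-CEF line from the Guardian address usually means the wrong format was selected in step 4 or the datagram was cut in transit.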
