External Systems Configuration Guide

Cisco Stealthwatch

Integration points

Protocol   Information Discovered             Used For
syslog     Network Anomaly Detection Alerts   Security and Compliance

Configuring FortiSIEM

FortiSIEM recognizes Cisco Stealthwatch syslog automatically, provided the messages follow the format shown in this sample syslog (the sample is truncated at the end of its last field):

<129>Jun 18 14:56:00 ED2ALENTSVRSMC-1 StealthWatch[2699]: Lancope|StealthWatch|PRIORITY A|time=2018-06-18T14:55:30Z|target_hostname=|alarm_severity_id=5|alarm_type_id=60|alarm_type_description=Host may be infected with an SMB

Parsing and Events

Currently over 150 event types are parsed. To list them, go to Resources > Event Types and search for 'Cisco-StealthWatch-'. You can extend the parser to add other events.
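To make the recognition rule and the parsing step concrete, here is an added Python example. It is not code from this page and not FortiSIEM's own parser: it matches the syslog envelope of the sample above, requires the Lancope|StealthWatch prefix, and splits the remaining pipe-delimited key=value fields, which is the shape a custom parser extension has to handle. The envelope regex, the negative test lines and the event_type naming are assumptions made here for illustration; FortiSIEM's real 'Cisco-StealthWatch-' event type names are the ones listed under Resources > Event Types, not derived from the description text.

```python
import re

# Added example (not FortiSIEM's own parser): recognise the Stealthwatch syslog
# layout shown on the page and turn one line into a dict of fields.

# Sample line copied from the page (its last field is cut off there and is
# left exactly as it appears).
PAGE_SAMPLE = (
    "<129>Jun 18 14:56:00 ED2ALENTSVRSMC-1 StealthWatch[2699]: "
    "Lancope|StealthWatch|PRIORITY A|time=2018-06-18T14:55:30Z|target_hostname=|"
    "alarm_severity_id=5|alarm_type_id=60|"
    "alarm_type_description=Host may be infected with an SMB"
)

# Constructed negative cases: same syslog envelope but a different vendor
# prefix, and a line that is not syslog at all.
OTHER_VENDOR = (
    "<129>Jun 18 14:56:00 ED2ALENTSVRSMC-1 OtherApp[42]: "
    "Acme|Widget|PRIORITY A|time=2018-06-18T14:55:30Z|alarm_type_id=1"
)
GARBAGE = "not a syslog line at all"

# RFC 3164-style envelope: <PRI>, timestamp, hostname, app[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<app>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"(?P<msg>.*)$"
)

EVENT_TYPE_PREFIX = "Cisco-StealthWatch-"   # prefix named on the page


def parse_stealthwatch(line):
    """Return a dict of fields for a Stealthwatch alarm line, or None if the
    line does not match the format (other vendor, broken envelope, ...)."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    fields = m.group("msg").split("|")
    # The vendor/product prefix is what distinguishes this feed from any other
    # pipe-delimited syslog source; anything else is not a Stealthwatch alarm.
    if len(fields) < 3 or fields[:2] != ["Lancope", "StealthWatch"]:
        return None
    pri = int(m.group("pri"))
    event = {
        "facility": pri >> 3,        # <129> -> facility 16 (local0)
        "severity": pri & 7,         # <129> -> severity 1 (alert)
        "timestamp": m.group("ts"),
        "reporter": m.group("host"),
        "pid": int(m.group("pid")),
        "priority": fields[2],
    }
    # Remaining tokens are key=value; an empty value (target_hostname=) is
    # kept as "", and a token without '=' is skipped rather than aborting.
    for token in fields[3:]:
        key, sep, value = token.partition("=")
        if sep:
            event[key] = value
    # Required alarm attributes; without them there is nothing to classify.
    if "alarm_type_id" not in event or "alarm_severity_id" not in event:
        return None
    # Hypothetical naming scheme, for illustration only: FortiSIEM's real
    # 'Cisco-StealthWatch-' event type names are looked up under
    # Resources > Event Types, not derived from the description like this.
    desc = event.get("alarm_type_description", "")
    event["event_type"] = EVENT_TYPE_PREFIX + re.sub(r"\W+", "_", desc).strip("_")
    return event


if __name__ == "__main__":
    for line in (PAGE_SAMPLE, OTHER_VENDOR, GARBAGE):
        print(parse_stealthwatch(line))
```

Run it against a few lines captured from the Stealthwatch Management Console before relying on automatic recognition: a line that comes back as None here is one whose envelope or prefix differs from the documented format, and that is the first thing to check when events fail to appear under the expected 'Cisco-StealthWatch-' event types.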