Fortinet Document Library


External Systems Configuration Guide

AWS Kinesis

Amazon Kinesis is an Amazon Web Service (AWS) for processing big data in real time. Kinesis is capable of processing hundreds of terabytes per hour from high volumes of streaming data from sources such as operating logs, financial transactions and social media feeds.

What is Discovered and Monitored

Protocol | Information collected | Used for
Amazon AWS Client Library | Streaming data | Collect, process, and analyze real-time streaming data.

Event Types

In RESOURCES > Event Types, enter "Kinesis" in the Search column to see the event types associated with this device.

Rules

No defined rules.

Reports

No defined reports.

Configuring AWS Kinesis

  1. Use your AWS account ID or account alias, your IAM user name, and your password to sign in to the IAM console.
  2. In the navigation bar on the upper right, choose your user name, and then choose My Security Credentials.
  3. On the AWS IAM Credentials tab, in the Access keys for CLI, SDK, and API access section, do any of the following:
    • To create an access key, choose Create access key. Then choose Download .csv file to save the access key ID and secret access key to a .csv file on your computer. Store the file in a secure location. You will not have access to the secret access key again after this dialog box closes. After you have downloaded the .csv file, choose Close. When you create an access key, the key pair is active by default, and you can use the pair right away.
    • To disable an active access key, choose Make inactive.
    • To reenable an inactive access key, choose Make active.
    • To delete an access key, choose its X button at the far right of the row. Then choose Delete to confirm. When you delete an access key, it's gone forever and cannot be retrieved. However, you can always create new keys.
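The access key created above is a long-lived credential that ends up stored in the SIEM, so its lifecycle (active, inactive, deleted) is worth auditing. The following is an added example, not part of the Fortinet guide: it reviews output in the shape of `aws iam list-access-keys` and flags keys to rotate or delete. The user name, key IDs, dates and the 90-day threshold are assumptions made for illustration.

```python
import json
from datetime import datetime

# Constructed sample in the shape printed by `aws iam list-access-keys`.
# The user name, key IDs and dates are made up for illustration.
SAMPLE_LISTING = json.loads("""
{"AccessKeyMetadata": [
  {"UserName": "fortisiem-collector", "AccessKeyId": "AKIAEXAMPLEKEY000001",
   "Status": "Active", "CreateDate": "2023-01-10T09:00:00+00:00"},
  {"UserName": "fortisiem-collector", "AccessKeyId": "AKIAEXAMPLEKEY000002",
   "Status": "Inactive", "CreateDate": "2024-05-20T09:00:00+00:00"}
]}
""")


def audit_access_keys(listing, now, max_age_days=90):
    """Return {AccessKeyId: [findings]} for one user's keys that need attention.

    max_age_days is an assumed rotation policy, not an AWS or Fortinet value.
    """
    findings = {}
    keys = listing.get("AccessKeyMetadata", [])
    active = [k for k in keys if k["Status"] == "Active"]
    for key in keys:
        notes = []
        age = (now - datetime.fromisoformat(key["CreateDate"])).days
        if key["Status"] == "Active" and age > max_age_days:
            notes.append(f"active for {age} days: rotate")
        if key["Status"] == "Inactive":
            # "Make inactive" keeps the key re-enableable; only deletion retires it.
            notes.append("inactive: delete once nothing depends on it")
        if key["Status"] == "Active" and len(active) > 1:
            notes.append("more than one active key: finish rotation")
        if notes:
            findings[key["AccessKeyId"]] = notes
    return findings


if __name__ == "__main__":
    now = datetime.fromisoformat("2024-06-01T09:00:00+00:00")
    for key_id, notes in audit_access_keys(SAMPLE_LISTING, now).items():
        print(key_id, "->", "; ".join(notes))
```
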

Configuring FortiSIEM

  1. Go to the ADMIN > Setup > Credentials tab.
  2. In Step 1: Enter Credentials:
    1. Follow the instructions in “Setting Credentials” in the User's Guide to create a new credential.
    2. Enter these settings in the Access Method Definition dialog box and click Save:

      Settings | Description
      Name | Enter a name for the credential.
      Device Type | Amazon AWS Kinesis
      Access Protocol | AWS Kinesis Client Library
      Region | You can enter one or more regions separated by a space, for example, “us-east-1 us-west-2”. See Supported Regions in AWS for a list of valid regions.
      Password Config | Choose Manual, CyberArk, or RAX_Janus from the drop-down list. For CyberArk, see CyberArk Password Configuration. For RAX_Janus, see RAX_Janus Password Configuration.
      Access Key | Access key for your AWS Kinesis instance. See Configuring AWS Kinesis.
      Secret Key | Secret key for your AWS Security Hub instance.
      Organization | The organization the device belongs to.
      Description | Description of the device.
  3. In Step 2, Enter IP Range to Credential Associations:
    1. Select the name of your AWS Kinesis credential from the Credentials drop-down list.
    2. Enter a host name, an IP, or an IP range in the IP/Host Name field.
    3. Click Save.
  4. Click Test to test the connection to AWS Kinesis.
  5. To see the jobs associated with AWS Kinesis, select ADMIN > Pull Events.
  6. To see the received events, select ANALYTICS, then enter AWS Kinesis in the search box.

Sample Events

AWS Kinesis can collect data from different devices or services. The data format is the same as the source data.
