External Systems Configuration Guide

Fortinet FortiDeceptor

Integration Points

Method | Information discovered | Metrics collected | Logs collected | Used for
Syslog | Host name, Reporting IP | None | Authentication logs, Decoy activity | Security monitoring

Event Types

In ADMIN > Device Support > Event, search for "FortiDeceptor" to see the event types associated with this device.

Rules

No specific rules are written for FortiDeceptor.

Reports

No specific reports are written for FortiDeceptor.

Configuration

Configure the FortiDeceptor system to send logs to FortiSIEM in the supported format (see Sample Events).

Settings for Access Credentials

None required.

Sample Events

<27>2019-07-29T10:12:44 devhost=FDC-VM0000000262 devid=FDC-VM0000000262 logver=25 tzone=14400 tz=GST date=2019-07-29 time=10:12:44 logid=0106000001 type=event subtype=system level=error user=system ui=GUI action=update status=failure msg="The authentication to FDN server failed"

<14>2019-07-29T10:40:34 devhost=FDC-VM0000000262 devid=FDC-VM0000000262 logver=25 tzone=14400 tz=GST date=2019-07-29 time=10:40:34 logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Login status=success msg="Administrator admin logged into website successfully from 10.0.0.254"
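
An added example (not part of the Fortinet documentation): a Python parser for the key=value syslog format shown in the sample events above, followed by a small triage step, since no specific rules are written for this device. The function names and triage labels are hypothetical, and the parser assumes quoted values contain no embedded double quotes.

```python
import re

# Input: the two events from "Sample Events", each joined onto a single line.
SAMPLES = [
    '<27>2019-07-29T10:12:44 devhost=FDC-VM0000000262 devid=FDC-VM0000000262 logver=25 tzone=14400 tz=GST date=2019-07-29 time=10:12:44 logid=0106000001 type=event subtype=system level=error user=system ui=GUI action=update status=failure msg="The authentication to FDN server failed"',
    '<14>2019-07-29T10:40:34 devhost=FDC-VM0000000262 devid=FDC-VM0000000262 logver=25 tzone=14400 tz=GST date=2019-07-29 time=10:40:34 logid=0106000001 type=event subtype=system level=information user=admin ui=GUI action=Login status=success msg="Administrator admin logged into website successfully from 10.0.0.254"',
]

HEADER = re.compile(r'^<(\d{1,3})>(\S+)\s+(.*)$')
# A value is either a double-quoted string or a run of non-space characters.
# Assumption: quoted values contain no embedded double quotes.
PAIR = re.compile(r'(\w+)=("[^"]*"|\S*)')
SRC_IP = re.compile(r'\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b')


def parse_event(line):
    """Split one syslog line into PRI-derived fields plus its key=value pairs."""
    m = HEADER.match(line.strip())
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a PRI-prefixed syslog line")
    pri = int(m.group(1))
    # PRI = facility * 8 + severity (standard syslog encoding).
    event = {"facility": pri >> 3, "severity": pri & 7, "timestamp": m.group(2)}
    for key, value in PAIR.findall(m.group(3)):
        quoted = len(value) >= 2 and value[0] == value[-1] == '"'
        event[key] = value[1:-1] if quoted else value
    return event


def triage(event):
    """Return a (label, detail) pair for events worth review, else None.
    The labels are hypothetical, not FortiSIEM event types."""
    action = event.get("action", "").lower()
    status = event.get("status", "").lower()
    if action == "login":
        # The source address only appears inside the free-text msg field.
        src = SRC_IP.search(event.get("msg", ""))
        return ("admin-login-" + status,
                {"user": event.get("user"), "src_ip": src.group(1) if src else None})
    if status == "failure":
        return ("operation-failure",
                {"action": event.get("action"), "msg": event.get("msg")})
    return None


if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(parse_event(sample)))
```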
