Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

GitLab CLI

Events that are obtained with the GitLab REST API do not contain up-to-date information. To avoid this limitation, FortiSIEM uses the GitLab CLI to obtain events from the GitLab server in real time.

Integration points

Protocol Information collected Used for
GIT CLI Git commit history Security and Compliance

Event Types

In RESOURCES > Event Types, enter "GitLab" in the Search field to see the events associated with this device.

Rules

No defined rules.

Reports

In RESOURCES > Reports, enter "GitLab" in the Search column to see the reports associated with this device.

Generate an SSH Key in FortiSIEM

Generate an SSH key for FortiSIEM. The key will allow you to access the GitLab by using Git commands. Use the following command to generate the public key file and the private key file in the /opt/phoenix/bin/.ssh/ directory.

ssh-keygen -t rsa -b 4096 -C "root@localhost"

Configure an SSH Key in GitLab

Complete these steps to install the SSH key in the GitLab server:

  1. Login to your GitLab account.
  2. Select Settings from your account drop-down list.
  3. Select the SSH Keys tab.
  4. Add the public part of the key, for example:

    /opt/phoenix/bin/.ssh/id_rsa.pub

  5. Click Add Key.
  6. Install Git, for example:

    yum install git

Configuration in FortiSIEM

Complete these steps in the FortiSIEM UI:

  1. Go to the ADMIN > Setup > Credentials tab.
  2. In Step 1: Enter Credentials:
    1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
    2. Enter these settings in the Access Method Definition dialog box:

      Settings

      Description

      Name Enter a name for the credential
      Device Type GitLab GitLab
      Access Protocol GIT CLI
      Pull Interval The interval in which FortiSIEM will pull events from GitLab. Default is 5 minutes.
      Local Path to Clone The path to the location on your system where the repository will be downloaded. In the case of very large repositories, this gives users the opportunity to specify a location on an external device.
      Repositories The address of the repository in Git. You can enter multiple repositories, separated by whitespaces.
      Description Description of the device
  3. In Step 2, Enter IP Range to Credential Associations:
    1. Select the name of your GitLab credential from the Credentials drop-down list.
    2. Enter an IP or an IP range in the IP/IP Range field.
    3. Click Save.
  4. Click Test to test the connection to GitLab CLI.
  5. To see the jobs associated with GitLab, select ADMIN > Setup > Pull Events.
  6. To see the received events, select ANALYTICS, then enter GitLab in the search box.

Sample Events

[PH_DEV_MON_GIT_COMMIT]: [deviceTime]=1547013028,[user]="abc",[exchMboxName]="abc@fortinet.com",[hashCode]="fa408380aa4296d13aeb24418164994eea2c2737",[preHashCode]="d9cd6e31346611a4f75dc7fe768f6202a46dd7e6",[title]="Add new file",[details]="",[updateCount]="1",[deleteCount]="0",[filePath]="testfile2",[fileType]="testfile2",[repoURL]="git@dops-git.fortinet-us.com:abc/testproject_mei_willremove.git"

GitLab CLI

Events that are obtained with the GitLab REST API do not contain up-to-date information. To avoid this limitation, FortiSIEM uses the GitLab CLI to obtain events from the GitLab server in real time.

Integration points

Protocol Information collected Used for
GIT CLI Git commit history Security and Compliance

Event Types

In RESOURCES > Event Types, enter "GitLab" in the Search field to see the events associated with this device.

Rules

No defined rules.

Reports

In RESOURCES > Reports, enter "GitLab" in the Search column to see the reports associated with this device.

Generate an SSH Key in FortiSIEM

Generate an SSH key for FortiSIEM. The key will allow you to access the GitLab by using Git commands. Use the following command to generate the public key file and the private key file in the /opt/phoenix/bin/.ssh/ directory.

ssh-keygen -t rsa -b 4096 -C "root@localhost"

Configure an SSH Key in GitLab

Complete these steps to install the SSH key in the GitLab server:

  1. Login to your GitLab account.
  2. Select Settings from your account drop-down list.
  3. Select the SSH Keys tab.
  4. Add the public part of the key, for example:

    /opt/phoenix/bin/.ssh/id_rsa.pub

  5. Click Add Key.
  6. Install Git, for example:

    yum install git

Configuration in FortiSIEM

Complete these steps in the FortiSIEM UI:

  1. Go to the ADMIN > Setup > Credentials tab.
  2. In Step 1: Enter Credentials:
    1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
    2. Enter these settings in the Access Method Definition dialog box:

      Settings

      Description

      Name Enter a name for the credential
      Device Type GitLab GitLab
      Access Protocol GIT CLI
      Pull Interval The interval in which FortiSIEM will pull events from GitLab. Default is 5 minutes.
      Local Path to Clone The path to the location on your system where the repository will be downloaded. In the case of very large repositories, this gives users the opportunity to specify a location on an external device.
      Repositories The address of the repository in Git. You can enter multiple repositories, separated by whitespaces.
      Description Description of the device
  3. In Step 2, Enter IP Range to Credential Associations:
    1. Select the name of your GitLab credential from the Credentials drop-down list.
    2. Enter an IP or an IP range in the IP/IP Range field.
    3. Click Save.
  4. Click Test to test the connection to GitLab CLI.
  5. To see the jobs associated with GitLab, select ADMIN > Setup > Pull Events.
  6. To see the received events, select ANALYTICS, then enter GitLab in the search box.

Sample Events

[PH_DEV_MON_GIT_COMMIT]: [deviceTime]=1547013028,[user]="abc",[exchMboxName]="abc@fortinet.com",[hashCode]="fa408380aa4296d13aeb24418164994eea2c2737",[preHashCode]="d9cd6e31346611a4f75dc7fe768f6202a46dd7e6",[title]="Add new file",[details]="",[updateCount]="1",[deleteCount]="0",[filePath]="testfile2",[fileType]="testfile2",[repoURL]="git@dops-git.fortinet-us.com:abc/testproject_mei_willremove.git"