Events that are obtained with the GitLab REST API do not contain up-to-date information. To avoid this limitation, FortiSIEM uses the GitLab CLI to obtain events from the GitLab server in real time.
- Integration Points
- Event Types
- Generate an SSH Key in FortiSIEM
- Configure an SSH Key in GitLab
- Configuration in FortiSIEM
- Sample Events
|Protocol||Information collected||Used for|
|GIT CLI||Git commit history||Security and Compliance|
In RESOURCES > Event Types, enter "GitLab" in the Search field to see the events associated with this device.
No defined rules.
In RESOURCES > Reports, enter "GitLab" in the Search column to see the reports associated with this device.
Generate an SSH Key in FortiSIEM
Generate an SSH key for FortiSIEM. The key will allow you to access the GitLab by using Git commands. Use the following command to generate the public key file and the private key file in the
ssh-keygen -t rsa -b 4096 -C "root@localhost"
Configure an SSH Key in GitLab
Complete these steps to install the SSH key in the GitLab server:
- Login to your GitLab account.
- Select Settings from your account drop-down list.
- Select the SSH Keys tab.
- Add the public part of the key, for example:
- Click Add Key.
- Install Git, for example:
yum install git
Configuration in FortiSIEM
Complete these steps in the FortiSIEM UI:
- Go to the ADMIN > Setup > Credentials tab.
- In Step 1: Enter Credentials:
- Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
- Enter these settings in the Access Method Definition dialog box:
Name Enter a name for the credential Device Type GitLab GitLab Access Protocol GIT CLI Pull Interval The interval in which FortiSIEM will pull events from GitLab. Default is 5 minutes. Local Path to Clone The path to the location on your system where the repository will be downloaded. In the case of very large repositories, this gives users the opportunity to specify a location on an external device. Repositories The address of the repository in Git. You can enter multiple repositories, separated by whitespaces. Description Description of the device
- In Step 2, Enter IP Range to Credential Associations:
- Select the name of your GitLab credential from the Credentials drop-down list.
- Enter an IP or an IP range in the IP/IP Range field.
- Click Save.
- Click Test to test the connection to GitLab CLI.
- To see the jobs associated with GitLab, select ADMIN > Setup > Pull Events.
- To see the received events, select ANALYTICS, then enter GitLab in the search box.
[PH_DEV_MON_GIT_COMMIT]: [deviceTime]=1547013028,[user]="abc",[exchMboxName]="email@example.com",[hashCode]="fa408380aa4296d13aeb24418164994eea2c2737",[preHashCode]="d9cd6e31346611a4f75dc7fe768f6202a46dd7e6",[title]="Add new file",[details]="",[updateCount]="1",[deleteCount]="0",[filePath]="testfile2",[fileType]="testfile2",[repoURL]="firstname.lastname@example.org:abc/testproject_mei_willremove.git"