Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 6.1.1 External Systems Configuration Guide
    6.1.1
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    Rapid7 InsightVM

    Rapid7 InsightVM Integration

    Integration points

    Protocol

    Information Collected

    Used For
    InsightVM API Vulnerability scan data Security and Compliance

    Rapid7 InsightVM API Integration

    FortiSIEM can pull vulnerability scan data from Rapid7 InsightVM Server via InsightVM API.

    InsightVM scan data contains vulnerabilities found on a host. Each host vulnerability is converted into a separate FortiSIEM event with event type Rapid7-InsightVM-Vuln-Detected.

    Configuring Rapid7 InsightVM Server

    Create an account to be used for FortiSIEM communication.

    Configuring FortiSIEM

    Use the account in previous step to enable FortiSIEM access:

    1. Login to FortiSIEM.
    2. Go to Admin > Setup > Credential.
    3. Click New to create a Rapid7 InsightVM credential.
      1. Choose Device Type = Rapid7 InsightVM (Vendor = Rapid7, Model = InsightVM).
      2. Choose Access Protocol = InsightVM API.
      3. Choose Pull Interval = 5 minutes.
      4. Choose HTTPS Port (default 3780).
      5. Choose User name and Password for the account created while Configuring Rapid7 InsightVM Server.
      6. Choose the Organization if it is an MSP deployment and the same credential is to be used for multiple customers.
      7. Click Save.
    4. Enter an IP Range to Credential Association:
      1. Set IP to the IP address of the Rapid7 InsightVM Server.
      2. Select the Credential created in step 3
      3. Click Save.
    5. Perform Test Connectivity to make sure that the credential works correctly.
    6. Discover the Rapid7 InsightVM Server using the IP address used in Step 4. Make sure Discover succeeds.
    7. An entry will be created in Admin > Setup > Pull Events corresponding to this event pulling job. FortiSIEM will start to pull events from Rapid7 InsightVM Server using the InsightVM REST API.

    To test for received InsightVM Vulnerability events:

    1. Go to Admin > Setup > Pull Events
    2. Select the InsightVM entry and click Report.

    The system will take you to the Analytics tab and run a query to display the events received from InsightVM Server in the last 15 minutes. You can modify the time interval to get more events.

    Previous
    Next

    Rapid7 InsightVM

    Rapid7 InsightVM Integration

    Integration points

    Protocol

    Information Collected

    Used For
    InsightVM API Vulnerability scan data Security and Compliance

    Rapid7 InsightVM API Integration

    FortiSIEM can pull vulnerability scan data from Rapid7 InsightVM Server via InsightVM API.

    InsightVM scan data contains vulnerabilities found on a host. Each host vulnerability is converted into a separate FortiSIEM event with event type Rapid7-InsightVM-Vuln-Detected.

    Configuring Rapid7 InsightVM Server

    Create an account to be used for FortiSIEM communication.

    Configuring FortiSIEM

    Use the account in previous step to enable FortiSIEM access:

    1. Login to FortiSIEM.
    2. Go to Admin > Setup > Credential.
    3. Click New to create a Rapid7 InsightVM credential.
      1. Choose Device Type = Rapid7 InsightVM (Vendor = Rapid7, Model = InsightVM).
      2. Choose Access Protocol = InsightVM API.
      3. Choose Pull Interval = 5 minutes.
      4. Choose HTTPS Port (default 3780).
      5. Choose User name and Password for the account created while Configuring Rapid7 InsightVM Server.
      6. Choose the Organization if it is an MSP deployment and the same credential is to be used for multiple customers.
      7. Click Save.
    4. Enter an IP Range to Credential Association:
      1. Set IP to the IP address of the Rapid7 InsightVM Server.
      2. Select the Credential created in step 3
      3. Click Save.
    5. Perform Test Connectivity to make sure that the credential works correctly.
    6. Discover the Rapid7 InsightVM Server using the IP address used in Step 4. Make sure Discover succeeds.
    7. An entry will be created in Admin > Setup > Pull Events corresponding to this event pulling job. FortiSIEM will start to pull events from Rapid7 InsightVM Server using the InsightVM REST API.

    To test for received InsightVM Vulnerability events:

    1. Go to Admin > Setup > Pull Events
    2. Select the InsightVM entry and click Report.

    The system will take you to the Analytics tab and run a query to display the events received from InsightVM Server in the last 15 minutes. You can modify the time interval to get more events.

    Previous
    Next