External Systems Configuration Guide

Change Log

Date        Change Description
2018-05-23  Initial version of the guide.
2018-07-24  Revision 2 with a new section under Windows Server Configuration - Configuring Log Monitoring for Non-Administrative User.
2018-08-07  Revision 3 with updated section: Fortinet FortiGate Firewall.
2018-09-12  Revision 4 with updated section: Microsoft Azure Audit.
2018-09-26  Revision 5 with updated section: WatchGuard Firebox Firewall.
2018-11-28  Revision 6 with updated section: Fortinet FortiGate Firewall > Configuring SSH on FortiSIEM to communicate with FortiGate.
2019-01-29  Revision 7: updated section: Cisco FireSIGHT.
2019-03-15  Revision 8: new section: Threat Intelligence.
2019-03-28  Revision 9: updates the guide to reflect the new menu hierarchy in the FortiSIEM tool.
2019-04-24  Revision 10: added Carbon Black Security Platform under End Point Security Software.
2019-07-24  Revision 11: updated integration instructions for Microsoft Office 365 Audit.
2019-10-22  Revision 12: added Clavister Firewall and FortiADC devices. Added Active Directory User Discovery section to Microsoft Active Directory device. Corrections to SQL Server DDL Event Creation Script and SQL Server Database Level Event Creation Script.
2019-11-22  Revision 13: added Zeek (Bro) installation instructions for Security Onion, Cyberoam FortiADC, Epic SecuritySIEM, FortiEDR, FortiNAC, FortiDeceptor, Microsoft Network Policy Server, TrendMicro Deep Discovery. Changed the name of Cisco FireAMP to Cisco AMP Cloud V0. Changed the name of Cisco AMP to Cisco AMP Cloud V1.
2020-01-03  Revision 14: added CradlePoint.
2020-04-15  Revision 15: added Alert Logic Iris API, AWS Kinesis, AWS Security Hub, Cisco Amp, GitLab Cli, Azure Event Hub, Azure Compute, McAfee ePolicy Orchestrator, LastLine, Imperva Securesphere Web App Firewall, Imperva Securesphere DB Security Gateway, Imperva Securesphere DB Monitoring Gateway, Green League WVSS, FortiInsight, Damballa Failsafe, AWS EC2, Cisco Fireamp, Novell Netware, Green League RSAS, Checkpoint SmartCenter, FortiTester, Cisco Viptela, MobileIron, Duo, Indegy Industrial Cybersecurity Suite, Netwrix, Darktrace DCIP, Hirschmann SCADA Firewalls and Switches.
2020-07-22  Revision 16: Edits to Cisco AMP Cloud V0 and Cisco AMP Cloud V1.
2020-10-09  Revision 17: Added Alcide io KAudit, Stormshield Network Security and Tigera Calico.
2020-12-18  Revision 18: Added note to AWS CloudTrail API Configuration.
2021-01-05  Revision 19: Added Mapping Active Directory User Attributes to FortiSIEM User Attributes.
2021-02-03  Revision 20: Updated Malwarebytes to Malwarebytes Endpoint Protection.
2021-03-03  Revision 21: Added NetApp Data ONTAP Supported Version.
2021-03-18  Revision 22: Added Claroty Continuous Threat Detection, Corero Smartwall Threat Defense, Dragos Platform, Malwarebytes Breach Remediation, Oracle Cloud Access Security Broker (CASB), Proofpoint.
2021-04-05  Revision 23: Updated Linux server section.
2021-04-07  Revision 24: Updated AWS Kinesis for 6.2.0.
2021-04-16  Revision 25: Updated Microsoft Office 365 Audit "Create the Office 365 API Credential" steps.
2021-04-23  Revision 26: Added Salesforce Configuration for 6.2.0, 6.1.x, 5.4.0, 5.3.x, 5.2.x releases.
2021-05-07  Revision 27: Added FortiAnalyzer Configuration under Log Aggregators for 6.2.x and 6.1.x releases.
2021-05-12  Revision 28: Updated Microsoft Windows Server WinRM Configurations for 6.2.x releases.
2021-05-17  Revision 29: Updated Apache Web Servers, AWS EC2 CloudWatch API, FortiGate Firewall, and FortiAnalyzer for 6.2.x releases.
2021-05-21  Revision 30: Windows Agent Link for various Microsoft topics fixed.
2021-05-24  Revision 31: Environmental Sensors replaced and updated with Operational Technology.
2021-05-25  Revision 32: Microsoft Recommendation information for DNS Analytical Logs added to Microsoft DNS - Configuration section.
2021-06-04  Revision 33: SNMP v3 configuration added to FortiGate. Microsoft Azure ATP renamed to Microsoft Defender for Identity, and Microsoft Windows Defender ATP renamed to Microsoft Defender for Endpoint.
2021-06-08  Revision 34: Added Cisco Firepower Threat Defense and updated Cisco Adaptive Security Appliance (ASA).
2021-06-09  Revision 35: Updated Linux Server section with Additional Configuration Information and Example for syslog-ng and rsyslog.
2021-06-25  Revision 36: Updated various third party product names, configurations, and Fortinet product configurations.
2021-07-26  Revision 37: Updated Epilog/snare link for Oracle Database Server, Juniper Steel Belted RADIUS, and Apache Web Server configurations.
2021-07-30  Revision 38: Updated Tenable Nessus Vulnerability Scanner configuration.
2021-08-02  Revision 39: Updated Cisco FireSIGHT Configuration.
2021-08-30  Revision 40: Updated Microsoft SQL Server for 6.x guides.
2021-09-24  Revision 41: Updated Squid Web Proxy with syslog configuration for versions 4.1.1 and later for 6.1.1-6.3.x Guides.
2021-10-29  Revision 42: Updated Cisco Firepower Management Center (FMC) - Formerly FireSIGHT and FirePower Threat Defense: Using Cisco eStreamer Client for 6.x Guides.
2021-11-16  Revision 43: Updated FortiSIEM External Ports with sFlow port number and protocol from External Devices to Supervisor/Worker/Collector.
2021-11-30  Revision 44: Updated FortiSIEM External Ports Collector Communication table.
2021-12-06  Revision 45: Updated Enable WinRM and set authentication in Microsoft Windows Server.
2021-12-08  Revision 46: Updated Syslog over TLS section for 6.x.
2022-01-07  Revision 47: SNMP V3 Traps section added.
2022-01-13  Revision 48: CrowdStrike Endpoint Security section updated for 6.2.x and later.
2022-03-01  Revision 49: Added Flow Support section.
2022-03-02  Revision 50: Updated MySQL Server - Settings for MySQL Server JDBC Access Credentials for Database Auditing - Audit Table field.
2022-03-18  Revision 51: Updated Microsoft Defender for Endpoint legacy information. Moved Microsoft Defender for Endpoint from Cloud Applications to End Point Security Software.
2022-03-22  Revision 52: Configuring Tigera Calico to Send Logs link updated.
2022-03-28  Revision 53: Updated Microsoft Azure Audit Configuration section.
2022-04-04  Revision 54: Added Zscaler Cloud Firewall.
2022-07-13  Revision 55: Updated Using Cisco eStreamer Client section in Cisco FireSIGHT and FirePower Threat Defense.
2022-07-25  Revision 56: Updated Microsoft Exchange.
2022-08-09  Revision 57: Updated Configuring FortiSIEM for Sophos Central for API Access.
2022-09-07  Revision 58: Updated FortiSIEM External Ports section.
2022-10-31  Revision 59: Updated Citrix Netscaler Application Delivery Controller (ADC) Configuration section.
2022-12-22  Revision 60: Updated Microsoft Azure Event Hub - Configuration in Azure Step 4.
2023-01-10  Revision 61: Updated Cisco Call Manager - Configure FortiSIEM to Receive CDR Records from Cisco Call Manager.
2023-03-09  Revision 62: Updated Microsoft Azure Audit - Create IP Range to Credential Association and Test Connectivity in FortiSIEM section.
2023-04-10  Revision 63: Updated Oracle WebLogic section.
2023-05-10  Revision 64: Updated Enable Office 365 Audit Log Search section for Microsoft Office 365 Audit.
2023-06-14  Revision 65: Updated Configuring FortiAnalyzer to Send Logs to FortiSIEM section for Fortinet FortiGate Firewall.
2023-08-03  Revision 66: Updated Blue Coat Web Proxy section.
2023-09-14  Revision 67: Updated Proofpoint section.
2023-09-28  Revision 68: Updated Microsoft Windows Server section.
2023-10-17  Revision 69: Updated Microsoft Office 365 Audit section.
2024-02-07  Revision 70: Added SQL Server 2022 support for Microsoft SQL Server. Added 7928 port entry for Supervisor Communication and Worker Communication in FortiSIEM Port Usage.