Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 6.3.1 External Systems Configuration Guide
    6.3.1
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    GitHub

    GitHub

    Integration Points

    Protocol Information collected Used for
    GitHub API Logs from the GitHub Service Security and Compliance

    Event Types

    In ADMIN > Device Support > Event Types, search for "GitHub" to see the event types associated with this device.

    Rules

    In RESOURCES > Rules, search for "GitHub" in the main content panel Search... field to see the rules associated with this device.

    Reports

    In RESOURCES > Reports, search for "GitHub" in the main content panel Search... field to see the reports associated with this device.

    Configuration

    Configuring GitHub Server

    Create an account to be used for FortiSIEM communication.

    Configuring FortiSIEM

    Use the account in previous step to enable FortiSIEM access.

    1. Login to FortiSIEM.
    2. Go to ADMIN > Setup > Credentials.
    3. In Step 1: Enter Credentials, click New to create a GitHub credential.
    4. Enter these settings in the Access Method Definition dialog box:

      Settings

      Description

      NameEnter a name for the credential
      Device Type GitHub.com GitHub
      Access Protocol GitHub API
      Pull Interval The interval in which FortiSIEM will pull events. Default is 5 minutes.
      Password ConfigSee Password Configuration
      User Name and PasswordEnter the user name and password for the account created while Configuring GitHub Server.
      Organization Choose the Organization if it is an MSP deployment and the same credential has to be used for multiple customers.
      Description Description of the device
    5. In Step 2: Enter IP Range to Credential Associations, click New.
      1. Set IP/Host Name to the IP address of the GitHub Server.
      2. Select the Credential created in steps 3 and 4.
      3. Click Save.
    6. Select the entry in step 3 above and click the Test drop-down list, and select Test Connectivity.
    7. After Test Connectivity succeeds, an entry will be created in ADMIN > Setup > Pull Events corresponding to this event pulling job. FortiSIEM will start to pull events from GitHub server using the API.

    To test for received GitHub events:

    1. Go to ADMIN > Setup > Pull Events.
    2. Select the GitHub entry and click Report.

    The system will take you to the ANALYTICS tab and run a query to display the events received from GitHub in the last 15 minutes. You can modify the time interval to get more events.

    Previous
    Next

    GitHub

    GitHub

    Integration Points

    Protocol Information collected Used for
    GitHub API Logs from the GitHub Service Security and Compliance

    Event Types

    In ADMIN > Device Support > Event Types, search for "GitHub" to see the event types associated with this device.

    Rules

    In RESOURCES > Rules, search for "GitHub" in the main content panel Search... field to see the rules associated with this device.

    Reports

    In RESOURCES > Reports, search for "GitHub" in the main content panel Search... field to see the reports associated with this device.

    Configuration

    Configuring GitHub Server

    Create an account to be used for FortiSIEM communication.

    Configuring FortiSIEM

    Use the account in previous step to enable FortiSIEM access.

    1. Login to FortiSIEM.
    2. Go to ADMIN > Setup > Credentials.
    3. In Step 1: Enter Credentials, click New to create a GitHub credential.
    4. Enter these settings in the Access Method Definition dialog box:

      Settings

      Description

      NameEnter a name for the credential
      Device Type GitHub.com GitHub
      Access Protocol GitHub API
      Pull Interval The interval in which FortiSIEM will pull events. Default is 5 minutes.
      Password ConfigSee Password Configuration
      User Name and PasswordEnter the user name and password for the account created while Configuring GitHub Server.
      Organization Choose the Organization if it is an MSP deployment and the same credential has to be used for multiple customers.
      Description Description of the device
    5. In Step 2: Enter IP Range to Credential Associations, click New.
      1. Set IP/Host Name to the IP address of the GitHub Server.
      2. Select the Credential created in steps 3 and 4.
      3. Click Save.
    6. Select the entry in step 3 above and click the Test drop-down list, and select Test Connectivity.
    7. After Test Connectivity succeeds, an entry will be created in ADMIN > Setup > Pull Events corresponding to this event pulling job. FortiSIEM will start to pull events from GitHub server using the API.

    To test for received GitHub events:

    1. Go to ADMIN > Setup > Pull Events.
    2. Select the GitHub entry and click Report.

    The system will take you to the ANALYTICS tab and run a query to display the events received from GitHub in the last 15 minutes. You can modify the time interval to get more events.

    Previous
    Next