External Systems Configuration Guide

Corero Smartwall Threat Defense System

What is Discovered and Monitored

Protocol Information Discovered Metrics Collected Used For
Syslog Security Alerts and Events Security Monitoring

Event Types

In ADMIN > Device Support > Event Types, search for "Corero-smart" to see the event types associated with this device. In FortiSIEM 6.2.0, there are approximately 3,452 event types defined.

Rules

There are no specific rules available for Corero.

Reports

There are no specific reports available for Corero. You can view all Corero events by taking the following steps.

  1. From the ANALYTICS page, click in the Edit Filters and Time Range field.
  2. Under Filter, select Event Attribute.
  3. In the Attribute field, select/enter "Event Type".
  4. In the Operator field, select "CONTAIN".
  5. In the Value field, enter "Corero-smart".
  6. (Optional) Click Save to save the search parameters for future related searches.
  7. Click Apply & Run.

Configuration

Please refer to the Corero documentation for information on configuring the device at the following link.

https://www.juniper.net/documentation/en_US/corero-smartwall9.5.0/information-products/topic-collections/Corero_SmartWall_CMS_UG/Content/cms_connect_swa.htm

Syslog

FortiSIEM processes events from this device via syslog. Configure the device to send syslog to FortiSIEM on port 514.

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

| Setting | Value |
|---|---|
| Name | <set name> |
| Device Type | Corero SmartWall |
| Access Protocol | See Access Credentials |
| Port | See Access Credentials |
| Password config | See Password Configuration |

Sample Syslog

<165>2020-09-22T18:07:28.905+02:00 10.11.12.13 cat=network,type=sflow,v=1,cl=default,device=Defense_10_12_12_102,profile=default,sc=175,sfn=16,dir=inbound,time=1600790847976000,mp=xe-1/1,issr=1999,isr=1,px=32,lb=0,ipv=4,dip=1.2.3.4,dprt=61205,iplen=1143,prot=6,tos=0,sip=1.2.3.5,sprt=443,ttl=126,bp=0,ep=0,icn=5,scl=0,fp=0,flags=24,flags-decode=PSH:ACK,plen=1161,ptag=37,pdu=0896ad670b22204e71624fc68100002508004500047762f400007e06f701d83ad724b9b9757201bbef15d173297cf6bf83c7501810dec0ad00004b10a65f2b244bb73879b0f4346428273ce3582fe59501013ea113a6bbdc535832cbf1ea85d95ecd7ab906eae299b27f16ee3d74b7fe3d981e33971dad0e03d68f90c03fbfabbd4fb63d081701603f5893e42ef3311b0d4936e9abd39621f62608de62b4466947feeaf3ca9aca54ba8fb8121dd3b5dfa5a3adf0ca8c92bb3cf4398b15edb508901db78409a09e3c
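
An added example (not FortiSIEM's or Corero's own parser) for the sample above: it splits the syslog header and the comma-separated key=value body, then checks the text fields against the packet header carried in `pdu`. The function names are hypothetical, and the field meanings (for instance `ptag` as the 802.1Q VLAN ID) are inferred from this one sample, not documented on this page.

```python
import re
import struct

SAMPLE = (  # the page's sample line, with the pdu value cut to its first 52 bytes
    "<165>2020-09-22T18:07:28.905+02:00 10.11.12.13 cat=network,type=sflow,v=1,"
    "cl=default,device=Defense_10_12_12_102,profile=default,sc=175,sfn=16,dir=inbound,"
    "time=1600790847976000,mp=xe-1/1,issr=1999,isr=1,px=32,lb=0,ipv=4,dip=1.2.3.4,"
    "dprt=61205,iplen=1143,prot=6,tos=0,sip=1.2.3.5,sprt=443,ttl=126,bp=0,ep=0,icn=5,"
    "scl=0,fp=0,flags=24,flags-decode=PSH:ACK,plen=1161,ptag=37,pdu=0896ad670b22204e71624fc6"
    "8100002508004500047762f400007e06f701d83ad724b9b9757201bbef15d173297cf6bf83c75018"
)

def parse_line(line):
    """Split PRI, timestamp, sender and the comma-separated key=value body."""
    m = re.match(r"<(\d{1,3})>(\S+) (\S+) (.*)$", line.strip())
    if not m:
        raise ValueError("unexpected syslog layout")
    pri, ts, host, body = m.groups()
    fields = dict(kv.split("=", 1) for kv in body.split(",") if "=" in kv)
    return {"facility": int(pri) >> 3, "severity": int(pri) & 7,
            "timestamp": ts, "host": host, "fields": fields}

def decode_pdu(hexstr):
    """Header values from an Ethernet(+802.1Q)/IPv4/TCP-or-UDP pdu."""
    out = {}
    try:
        raw = bytes.fromhex(hexstr)
        (ethertype,) = struct.unpack_from("!H", raw, 12)
        off = 14
        if ethertype == 0x8100:  # VLAN tag; assumed to be what ptag reports
            tci, ethertype = struct.unpack_from("!HH", raw, 14)
            out["ptag"], off = tci & 0x0FFF, 18
        if ethertype != 0x0800:
            return out
        (out["iplen"],) = struct.unpack_from("!H", raw, off + 2)
        out["ttl"], out["prot"] = raw[off + 8], raw[off + 9]
        l4 = off + (raw[off] & 0x0F) * 4
        if out["prot"] in (6, 17):
            out["sprt"], out["dprt"] = struct.unpack_from("!HH", raw, l4)
        if out["prot"] == 6:
            out["flags"] = raw[l4 + 13]
    except (ValueError, struct.error, IndexError):
        pass  # malformed or truncated pdu: keep what decoded cleanly
    return out

def mismatches(event):
    """Text fields that disagree with the decoded pdu (sip/dip are not compared)."""
    f = event["fields"]
    return sorted(k for k, v in decode_pdu(f.get("pdu", "")).items()
                  if k in f and f[k] != str(v))
```

A non-empty result from `mismatches()` on a received event points to a parsing error or a line altered in transit, which is worth checking before the event is used in an investigation.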
