External Systems Configuration Guide

Microsoft Defender for IoT (Was CyberX OT/IoT Security)

Event Types

In ADMIN > Device Support > Event Types, search for "cyberx" to see the event types associated with this device. In FortiSIEM 6.3.0, there are 5 event types defined.

Rules

In FortiSIEM 6.3.0, CyberX Security Alerts and CyberX Malware Detected are available.

Reports

In 6.3.0, a CyberX Security Alerts report is available.

Configuration

Syslog Configuration

For the latest Microsoft Defender for IoT (CyberX) documentation, see https://docs.microsoft.com/en-us/azure/defender-for-iot/

For the latest forwarding rule information, see https://docs.microsoft.com/en-us/azure/defender-for-iot/organizations/how-to-forward-alert-information-to-partners

To configure syslog, take the following steps:

  1. Log in to the CyberX Platform UI.

  2. In the left menu, go to the Forwarding menu.

  3. Create a new forwarding rule.

  4. In the Name field, enter "FortiSIEM_Notification" or your desired name.

  5. For Protocols, select All.

  6. For Engines, select All.

  7. Select the Informational Severity option for your desired severity level.

  8. Under Actions, click Add.

  9. Select Send to SYSLOG Server (CEF Format).

  10. In the Host field, enter the IP or hostname of your FortiSIEM collector.

  11. In the Port field, enter "514".

  12. In the Timezone field, enter your timezone.

  13. Click Submit when done.
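
Once the rule is submitted, a line received on the collector side can be checked for well-formed CEF before troubleshooting FortiSIEM parsing. The following Python parser is an added example, not code from Fortinet or Microsoft; the sample line and all of its field values are constructed, and `parse_cef` is a hypothetical helper name.

```python
import re

# Constructed sample: a syslog-framed CEF line of the general shape a CEF
# forwarder emits. Field values are illustrative, not captured sensor output.
SAMPLE = ("<134>Jan 12 10:15:02 sensor01 CEF:0|ExampleVendor|ExampleProduct|1.0|"
          r"100|Unauthorized PLC \| programming|8|"
          r"src=10.0.0.5 dst=10.0.0.9 msg=Write request to PLC a\=b cat=Policy Violation")

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")

def parse_cef(line):
    """Parse one CEF record; raise ValueError if it is not well formed."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF: marker; the rule may not be using CEF format")
    # Split on unescaped pipes only: 7 header fields, then the extension.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("expected 7 header fields plus an extension")
    header = {k: v.replace("\\|", "|").replace("\\\\", "\\")
              for k, v in zip(HEADER_FIELDS, parts[:7])}
    # A key is a word directly followed by '='; values may contain spaces
    # and escaped '=' characters, so each value runs up to the next key.
    ext, keys = {}, list(re.finditer(r"(?:^|\s)(\w+)=", parts[7]))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(parts[7])
        ext[m.group(1)] = parts[7][m.end():end].replace("\\=", "=").strip()
    return header, ext

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A line that raises `ValueError` here points at the forwarding action (step 9) rather than at the FortiSIEM event types.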
