External Systems Configuration Guide

OneIdentity Safeguard

One Identity Safeguard (previously Balabit Privileged Session Management)

Integration Points

Protocol | Information Discovered | Used For
Syslog | Privileged session management events | Security and Compliance

Event Types

Over 50 events are parsed. In RESOURCES > Event Types, search for "OneIdentity-Safeguard-" in the main content panel Search... field.

Configuration

Configuring One Identity Safeguard

Follow the One Identity Safeguard documentation to send syslog to FortiSIEM.

Configuring FortiSIEM

FortiSIEM automatically recognizes One Identity Safeguard syslog as long as it follows the format shown in this sample syslog:

<123>2018-10-08T22:59:49+08:00 scbdemo.balabit zorp/scb_rdp[31769]: core.debug(4): (svc/i9CTbTzV2wrRur3quVRzF4/GET_gateway_rdp:498:2): After NAT mapping; nat_type='0', src_addr='AF_INET(10.19.9.245:0)', dst_addr='AF_INET(10.46.26.196:3389)', new_addr='AF_INET(10.11.101.30:0)'
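
To check that lines leaving Safeguard match the sample layout before relying on FortiSIEM to recognize them, the following added example (not part of the Fortinet guide and not FortiSIEM's own parser) splits a line into its fields. The regular expressions and field names such as log_class and context are assumptions inferred from the single sample line above.

```python
import re

# Sample line copied from the guide above.
SAMPLE = ("<123>2018-10-08T22:59:49+08:00 scbdemo.balabit zorp/scb_rdp[31769]: "
          "core.debug(4): (svc/i9CTbTzV2wrRur3quVRzF4/GET_gateway_rdp:498:2): "
          "After NAT mapping; nat_type='0', src_addr='AF_INET(10.19.9.245:0)', "
          "dst_addr='AF_INET(10.46.26.196:3389)', new_addr='AF_INET(10.11.101.30:0)'")

# Layout inferred from the sample only (assumption, not a vendor specification).
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:Z|[+-]\d{2}:\d{2}))\s+"
    r"(?P<host>\S+)\s+"
    r"(?P<program>[^\s\[\]:]+)\[(?P<pid>\d+)\]:\s+"
    r"(?P<log_class>[\w.]+)\((?P<level>\d+)\):\s+"
    r"\((?P<context>[^)]*)\):\s+"
    r"(?P<message>.*)$"
)
KV_RE = re.compile(r"(\w+)='([^']*)'")
ADDR_RE = re.compile(r"^AF_INET\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)$")


def parse_safeguard_line(line):
    """Return a dict of fields, or None if the line does not match the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    pri = int(rec["pri"])
    if pri > 191:  # highest valid syslog PRI (facility 23, severity 7)
        return None
    rec["facility"], rec["severity"] = divmod(pri, 8)
    rec["pid"], rec["level"] = int(rec["pid"]), int(rec["level"])
    # Free text comes before the first ';', key='value' pairs after it.
    text, _, params = rec["message"].partition(";")
    rec["text"] = text.strip()
    rec["params"] = {}
    for key, value in KV_RE.findall(params):
        addr = ADDR_RE.match(value)  # unwrap AF_INET(ip:port) into (ip, port)
        rec["params"][key] = (addr.group(1), int(addr.group(2))) if addr else value
    return rec
```

A return value of None for a captured line means its layout differs from the sample, which is worth resolving on the Safeguard side before looking for missing events in FortiSIEM.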
