External Systems Configuration Guide

Fortinet FortiSOAR

What is Discovered and Monitored

Protocol    Log Format    Used for
Syslog      CEF           Security and Compliance

Event Types

In ADMIN > Device Support > Event Types, search for "fortisoar" to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Configuring FortiSOAR for Syslog Forwarding

To configure FortiSOAR to forward syslog to FortiSIEM, take the following steps:

Note: It is recommended that you refer to the most current FortiSOAR Administration Guide for the latest configuration steps. The configuration steps here are from the 7.0.0 FortiSOAR Administration Guide.

  1. From FortiSOAR, navigate to Settings > Configuration > Log Forwarding.

  2. Check the Enable Log Forwarding checkbox.

  3. Configure the Syslog Server Details as follows.

    Field                               Input
    Configuration Name                  Input "FortiSIEM".
    Server                              Input the IP address or FQDN of the FortiSIEM Collector.
    Protocol                            Select UDP.
    Port                                Input "514".
    Choose Log Types to Forward         Select all options.
    Specify Audit Log Detail Level      Select Detailed.
    Configure Audit Log Forward Rules   Select what you want logged to FortiSIEM.
  4. Click Save.
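
To confirm that what reaches the Collector is well-formed CEF over syslog, a captured line can be run through a parser like the one below. This is an added example, not part of the Fortinet guide; the sample line is constructed and its vendor, product, event and extension values are placeholders, not real FortiSOAR output.

```python
import re

# Constructed sample line: vendor, product, event and extension values are
# placeholders, not real FortiSOAR output.
SAMPLE = (r"<134>Jan 10 12:00:01 soar-host CEF:0|ExampleVendor|ExampleProduct|0.0"
          r"|100|Record \| updated|3|suser=admin msg=field\=status changed src=192.0.2.10")

HEADER = ("cef_version", "vendor", "product", "device_version",
          "event_class_id", "name", "severity")


def parse_cef(line):
    """Return the CEF header and extension fields of a syslog line, or None."""
    start = line.find("CEF:")
    if start < 0:
        return None  # the line arrived, but it is not CEF
    body, fields, buf, i = line[start + 4:], [], [], 0
    while i < len(body) and len(fields) < 7:  # 7 pipe-delimited header fields
        if body[i] == "\\" and i + 1 < len(body):
            buf.append(body[i + 1])  # \| and \\ stand for literal characters
            i += 2
            continue
        if body[i] == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(body[i])
        i += 1
    if len(fields) < 7:
        fields.append("".join(buf))  # sender omitted the trailing pipe
    if len(fields) != 7:
        return None  # truncated header, e.g. a datagram cut short
    event = dict(zip(HEADER, fields))
    pri = re.match(r"<(\d{1,3})>", line)
    if pri:  # syslog PRI = facility * 8 + severity
        event["facility"], event["syslog_severity"] = divmod(int(pri.group(1)), 8)
    # Extension: space-separated key=value pairs; values may contain spaces.
    ext = body[i:]
    keys = list(re.finditer(r"(?<!\S)(\w+)=", ext))
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        event[m.group(1)] = re.sub(r"\\([=\\])", r"\1", ext[m.end():end].strip())
    return event


if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A return value of None means the line either is not CEF or was cut off before the seven header fields were complete.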
