Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

External Systems Configuration Guide

AWS Simple Queue Service (SQS)

Support Added: FortiSIEM 6.5.0

Vendor Version Tested: Not Provided

 

Vendor: Amazon

Product: Amazon Simple Queue Service (SQS)

Product Informationhttps://aws.amazon.com/sqs/

 

What is Discovered and Monitored

Protocol Information Discovered Metrics Collected Used For
AWS SQS   service logs Log analysis

Event Types

In ADMIN > Device Support > Event Types, search for "aws sqs" to see the event types associated with this device.

 

Rules

There are no specific rules available for AWS SQS.

Reports

There are no specific reports available for AWS SQS.

 

Configuration

Setup in FortiSIEM

Complete these steps in the FortiSIEM UI:

  1. Go to the ADMIN > Setup > Credentials tab.
  2. In Step 1: Enter Credentials:
    1. Follow the instructions in "Setting Credentials" in the User's Guide to create a new credential.
    2. Enter these settings in the Access Method Definition dialog box:
      Note: Make sure no other devices use the same credential, otherwise events may appear missing.

      Settings Description
      Name Enter a name for the credential
      Device Type Amazon AWS SQS
      Access Protocol AWS SQS
      Region The region in which your AWS instance is located .
      SQS Queue URL Provide the full URL, for example:  https://sqs.us-west-2.amazonaws.com/623885071509/sqsforloadblancer

      Pull Interval

      The interval in which FortiSIEM will pull events from AWS SQS. Default is 5 minutes.

      Password Config See Password Configuration.
      Access Key ID The access key for your EC2 instance
      Secret Key The secret key for your EC2 instance

      Confirm Secret Key

      Enter the secret key for validation.

      Session Token

      If you provided an access key, you can leave this field blank.

      Organization

      Select an organization from the drop-down list.

      Description Description about the device
  3. In Step 2: Enter IP Range to Credential Associations, click New.
    1. Enter a host name, an IP, or an IP range in the IP/Host Name field.
    2. Select the name of your credential from the Credentials drop-down list.
    3. Click Save.
  4. Click the Test drop-down list and select Test Connectivity to test the connection to AWS SQS.
  5. To see the jobs associated with AWS SQS, select ADMIN > Setup > Pull Events.
  6. To see the received events select ANALYTICS, then enter "AWS" in the search box.

 

AWS Simple Queue Service (SQS)

Support Added: FortiSIEM 6.5.0

Vendor Version Tested: Not Provided

 

Vendor: Amazon

Product: Amazon Simple Queue Service (SQS)

Product Informationhttps://aws.amazon.com/sqs/

 

What is Discovered and Monitored

Protocol Information Discovered Metrics Collected Used For
AWS SQS   service logs Log analysis

Event Types

In ADMIN > Device Support > Event Types, search for "aws sqs" to see the event types associated with this device.

 

Rules

There are no specific rules available for AWS SQS.

Reports

There are no specific reports available for AWS SQS.

 

Configuration

Setup in FortiSIEM

Complete these steps in the FortiSIEM UI:

  1. Go to the ADMIN > Setup > Credentials tab.
  2. In Step 1: Enter Credentials:
    1. Follow the instructions in "Setting Credentials" in the User's Guide to create a new credential.
    2. Enter these settings in the Access Method Definition dialog box:
      Note: Make sure no other devices use the same credential, otherwise events may appear missing.

      Settings Description
      Name Enter a name for the credential
      Device Type Amazon AWS SQS
      Access Protocol AWS SQS
      Region The region in which your AWS instance is located .
      SQS Queue URL Provide the full URL, for example:  https://sqs.us-west-2.amazonaws.com/623885071509/sqsforloadblancer

      Pull Interval

      The interval in which FortiSIEM will pull events from AWS SQS. Default is 5 minutes.

      Password Config See Password Configuration.
      Access Key ID The access key for your EC2 instance
      Secret Key The secret key for your EC2 instance

      Confirm Secret Key

      Enter the secret key for validation.

      Session Token

      If you provided an access key, you can leave this field blank.

      Organization

      Select an organization from the drop-down list.

      Description Description about the device
  3. In Step 2: Enter IP Range to Credential Associations, click New.
    1. Enter a host name, an IP, or an IP range in the IP/Host Name field.
    2. Select the name of your credential from the Credentials drop-down list.
    3. Click Save.
  4. Click the Test drop-down list and select Test Connectivity to test the connection to AWS SQS.
  5. To see the jobs associated with AWS SQS, select ADMIN > Setup > Pull Events.
  6. To see the received events select ANALYTICS, then enter "AWS" in the search box.