External Systems Configuration Guide

Fortinet FortiWeb

What is Discovered and Monitored

| Protocol | Information Discovered | Metrics Collected | Used For |
|---|---|---|---|
| SNMP | Host Name, Vendor, Model, Version, Hardware Model, hardware | CPU, memory, Disk, Interface, Uptime | Performance monitoring |
| Syslog | | System events (e.g. configuration changes), System up/down/restart events, Performance issues, Admin logon events, Security exploits | Security Monitoring and compliance |

Supported Syslog format

Currently FortiSIEM supports FortiWeb native logging format and not CEF format.

Event Types

In ADMIN > Device Support > Event Types, search for "fortiweb" to see the event types associated with this device.

Rules

In RESOURCES > Rules, search for "fortiweb" in the main content panel Search... field to see the rules associated with this device.

For generic availability rules, see RESOURCES > Rules > Availability > Network.

For generic performance rules, see RESOURCES > Rules > Performance > Network.

Reports

In RESOURCES > Reports, search for "fortiweb" in the main content panel Search... field to see the reports associated with this device.

Configuration

Syslog

Configure the FortiWeb appliance to send logs to FortiSIEM. Make sure the log format matches the supported syslog format described above (FortiWeb native format, not CEF). Configuration steps can be found in the Logging section of the FortiWeb Administration Guide. Remember to point your syslog policy to the FortiSIEM collector IP address.

Sample FortiWeb Syslog

date=2016-02-18 time=10:00:05 log_id=00001002 msg_id=000067508821 device_id=FV400D3A15000010 vd="root" timezone="(GMT+3:00)Baghdad" type=event subtype="admin" pri=information trigger_policy="" user=admin ui=GUI action=edit status=success msg="User admin changed global from GUI(172.22.6.66)
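To check that a FortiWeb appliance is sending the native format rather than CEF before pointing it at the collector, the following added example (not part of the FortiSIEM or FortiWeb documentation) classifies a syslog payload and parses the native key=value record shown above. The function names are hypothetical, and the native-format test assumes records carry `date=` and `log_id=` as in the sample.

```python
import re

# Constructed input: the sample line from this page joined into one record.
# The msg value has no closing quote there; the parser tolerates that.
SAMPLE = (
    'date=2016-02-18 time=10:00:05 log_id=00001002 msg_id=000067508821 '
    'device_id=FV400D3A15000010 vd="root" timezone="(GMT+3:00)Baghdad" '
    'type=event subtype="admin" pri=information trigger_policy="" user=admin '
    'ui=GUI action=edit status=success '
    'msg="User admin changed global from GUI(172.22.6.66)'
)

# key=value; value is "quoted" (closing quote optional at end of line) or a bare token
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)(?:"|$)|(\S*))')

def detect_format(line):
    """Classify one syslog payload as 'cef', 'native' or 'unknown'."""
    if re.search(r'\bCEF:\d+\|', line):  # CEF header: CEF:<version>|vendor|...
        return 'cef'
    # Assumption: native records carry date= and log_id=, as in the page's sample
    if re.search(r'\bdate=\d{4}-\d{2}-\d{2}\b', line) and 'log_id=' in line:
        return 'native'
    return 'unknown'

def parse_native(line):
    """Parse a native key=value record into a dict of strings."""
    fields = {}
    for m in _PAIR.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields

def admin_change(fields):
    """Summarise a successful admin configuration edit, else return None."""
    if (fields.get('type'), fields.get('subtype')) != ('event', 'admin'):
        return None
    if fields.get('action') != 'edit' or fields.get('status') != 'success':
        return None
    src = re.search(r'\((\d{1,3}(?:\.\d{1,3}){3})\)', fields.get('msg', ''))
    return {
        'user': fields.get('user'),
        'ui': fields.get('ui'),
        'source_ip': src.group(1) if src else None,
        'when': f"{fields.get('date')} {fields.get('time')}",
    }

if __name__ == '__main__':
    print(detect_format(SAMPLE), admin_change(parse_native(SAMPLE)))
```

A payload classified as `cef` or `unknown` indicates the appliance's log format needs to be changed before FortiSIEM will parse it.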

Settings for Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

| Setting | Value |
|---|---|
| Name | <set name> |
| Device Type | Fortinet FortiWeb |
| Access Protocol | See Access Credentials |
| Port | See Access Credentials |
| Password config | See Password Configuration |
