Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 6.5.2 External Systems Configuration Guide
    6.5.2
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    GitLab API

    GitLab API

    Integration Points

    Protocol Information collected Used For
    syslog 15 Log files including production.log and application.log – over 130 event types pre-fixed with 'GitLab-' Security and Compliance
    API Code commit, Changes to Projects, Branches, Tag, DiscussionNoted, Tag, Issues, Snippets, Repositories, User created, deleted, modified.

    Security and Compliance

    Event Types

    In RESOURCES > Event Types, enter "GitLab" in the main content panel Search... field to see the events associated with this device.

    Rules

    No defined rules.

    Reports

    In RESOURCES > Reports, enter "GitLab" in the main content panel Search... field to see the reports associated with this device.

    Syslog Integration

    Configure GitLab to send syslog to FortiSIEM via UDP on port 514. See here for details.

    FortiSIEM will automatically detect GitHLab log patterns and parse the logs. Currently, the following log files are parsed: api_json.log, application.log, gitaly, gitlab-monitor, gitlab-shell.log, gitlab-workhorse.log, gitlab_access.log,production.log, production_json.log, Prometheus, Redis, remote-syslog, sidekiq, sidekiq_exporter.log, unicorn_stderr.log.

    Currently, over 134 GitLab event types are parsed. To see the event types:

    1. Login to FortiSIEM.
    2. Go to RESOURCES > Event Types.
    3. Search for "GitLab".

    Use cases covered via syslog:

    • Failed and Successful Login
    • Git command execution
    • Git API requests

    To test for received GitLab events received via syslog:

    1. Login to FortiSIEM.
    2. Go to ANALYTICS.
    3. Click the Edit Filters and Time Range... field:
      1. Choose the Event Attribute option.
      2. Create the Search condition
        Attribute: Event Type
        Operator: CONTAIN
        Value: GitLab
      3. Change Time Range to be Last 1 Hour
      4. Click Apply & Run.
    4. See the GitLab events on the GUI.

    API Integration

    FortiSIEM can also pull logs from GitLab using GitLab API.

    Currently, over 134 GitLab event types are parsed. To see the event types:

    1. Login to FortiSIEM.
    2. Go to RESOURCES > Event Types.
    3. Search for "GitLab".

    Use cases covered via API:

    • Code commit – note that the current API does not capture committed files.
    • Changes to Projects, Branches, Tag, DiscussionNoted, Tag, Issues, Snippets, Repositories etc
    • User created, deleted, modified

    For more details, see here.

    Configuring GitLab Server

    Create a personal access token to be used for FortiSIEM communication.

    1. Login to your GitLab account.
    2. Go to your Profile settings.
    3. Go to Access tokens.
    4. Choose a name and optionally an expiry date for the token.
    5. Choose the desired scopes: api is required.
    6. Click Create Personal Access Token. Save the personal access token in your local system. Note that once you leave or refresh the page, you won't be able to access it again.

    For more details, see here.

    Configuring FortiSIEM for GitLab API

    Use the Personal Access Token in Configuring GitLab Server to enable FortiSIEM access.

    1. Login to FortiSIEM.
    2. Go to ADMIN > Setup > Credentials.
    3. In Step 1: Enter Credentials, click New to create a GitLab credential.
    4. Enter these settings in the Access Method Definition dialog box:

      Settings

      Description

      NameEnter a name for the credential
      Device Type GitLab GitLab (Vendor = GitLab, Model = Gitlab)
      Access Protocol GitLab API
      Pull Interval The interval in which FortiSIEM will pull events from GitLab. Default is 5 minutes.
      Password ConfigManual
      Account NameEnter an account name.
      Personal Access TokenEnter the token you obtained in Configuring GitLab Server.
      Description Description of the device
    5. In Step 2: Enter IP Range to Credential Associations, click New.
      1. In IP/Host Name, enter the IP of GitLab Server.
      2. Select the Credential created in step 4 above.
      3. Click Save.
    6. Select the entry in step 3 above, click the Test drop-down list and select Test Connectivity. Once successful, an entry will be created in ADMIN > Setup > Pull Events. FortiSIEM will start to pull events from GitLab using the API.

    To test for received GitLab events:

    1. Go to ADMIN > Setup > Pull Events.
    2. Select the GitLab entry and click Report.

    The system will take you to the ANALYTICS tab and run a query to display the events received from GitLab in the last 15 minutes. You can modify the time interval to get more events.

    Sample Event

    [GITLAB_EVENT_DATA] = {"action_name":"pushed to","author":{"avatar_url":"https://abc.cda.com/avatar/62e30f8b2d3cbc60ed22c217c5fa4e57?s=80&d=identicon","id":185,"name":"user1","state":"active","username":" user1","web_url":"https://dac.com/gitmirror"},"author_id":185,"author_username":" user1","created_at":"2018-11-13T22:30:30.340Z","project_id":553,"push_data":{"action":"pushed","commit_count":2,"commit_from":"da5a4fd97fd1f6b7c5a8611c12592eb5e9ff9e2b","commit_title":"Merge \"Fix bizservice popup display issue and switching org in bizs...","commit_to":"30d863ece3957aacc95ec45c7663c426c73f38f2","ref":"releases/FCS5_2_1","ref_type":"branch"},"serverIp":"172.30.35.11","serverName":"abc.com","target_id":null,"target_iid":null,"target_title":null,"target_type":null}

    Previous
    Next

    GitLab API

    GitLab API

    Integration Points

    Protocol Information collected Used For
    syslog 15 Log files including production.log and application.log – over 130 event types pre-fixed with 'GitLab-' Security and Compliance
    API Code commit, Changes to Projects, Branches, Tag, DiscussionNoted, Tag, Issues, Snippets, Repositories, User created, deleted, modified.

    Security and Compliance

    Event Types

    In RESOURCES > Event Types, enter "GitLab" in the main content panel Search... field to see the events associated with this device.

    Rules

    No defined rules.

    Reports

    In RESOURCES > Reports, enter "GitLab" in the main content panel Search... field to see the reports associated with this device.

    Syslog Integration

    Configure GitLab to send syslog to FortiSIEM via UDP on port 514. See here for details.

    FortiSIEM will automatically detect GitHLab log patterns and parse the logs. Currently, the following log files are parsed: api_json.log, application.log, gitaly, gitlab-monitor, gitlab-shell.log, gitlab-workhorse.log, gitlab_access.log,production.log, production_json.log, Prometheus, Redis, remote-syslog, sidekiq, sidekiq_exporter.log, unicorn_stderr.log.

    Currently, over 134 GitLab event types are parsed. To see the event types:

    1. Login to FortiSIEM.
    2. Go to RESOURCES > Event Types.
    3. Search for "GitLab".

    Use cases covered via syslog:

    • Failed and Successful Login
    • Git command execution
    • Git API requests

    To test for received GitLab events received via syslog:

    1. Login to FortiSIEM.
    2. Go to ANALYTICS.
    3. Click the Edit Filters and Time Range... field:
      1. Choose the Event Attribute option.
      2. Create the Search condition
        Attribute: Event Type
        Operator: CONTAIN
        Value: GitLab
      3. Change Time Range to be Last 1 Hour
      4. Click Apply & Run.
    4. See the GitLab events on the GUI.

    API Integration

    FortiSIEM can also pull logs from GitLab using GitLab API.

    Currently, over 134 GitLab event types are parsed. To see the event types:

    1. Login to FortiSIEM.
    2. Go to RESOURCES > Event Types.
    3. Search for "GitLab".

    Use cases covered via API:

    • Code commit – note that the current API does not capture committed files.
    • Changes to Projects, Branches, Tag, DiscussionNoted, Tag, Issues, Snippets, Repositories etc
    • User created, deleted, modified

    For more details, see here.

    Configuring GitLab Server

    Create a personal access token to be used for FortiSIEM communication.

    1. Login to your GitLab account.
    2. Go to your Profile settings.
    3. Go to Access tokens.
    4. Choose a name and optionally an expiry date for the token.
    5. Choose the desired scopes: api is required.
    6. Click Create Personal Access Token. Save the personal access token in your local system. Note that once you leave or refresh the page, you won't be able to access it again.

    For more details, see here.

    Configuring FortiSIEM for GitLab API

    Use the Personal Access Token in Configuring GitLab Server to enable FortiSIEM access.

    1. Login to FortiSIEM.
    2. Go to ADMIN > Setup > Credentials.
    3. In Step 1: Enter Credentials, click New to create a GitLab credential.
    4. Enter these settings in the Access Method Definition dialog box:

      Settings

      Description

      NameEnter a name for the credential
      Device Type GitLab GitLab (Vendor = GitLab, Model = Gitlab)
      Access Protocol GitLab API
      Pull Interval The interval in which FortiSIEM will pull events from GitLab. Default is 5 minutes.
      Password ConfigManual
      Account NameEnter an account name.
      Personal Access TokenEnter the token you obtained in Configuring GitLab Server.
      Description Description of the device
    5. In Step 2: Enter IP Range to Credential Associations, click New.
      1. In IP/Host Name, enter the IP of GitLab Server.
      2. Select the Credential created in step 4 above.
      3. Click Save.
    6. Select the entry in step 3 above, click the Test drop-down list and select Test Connectivity. Once successful, an entry will be created in ADMIN > Setup > Pull Events. FortiSIEM will start to pull events from GitLab using the API.

    To test for received GitLab events:

    1. Go to ADMIN > Setup > Pull Events.
    2. Select the GitLab entry and click Report.

    The system will take you to the ANALYTICS tab and run a query to display the events received from GitLab in the last 15 minutes. You can modify the time interval to get more events.

    Sample Event

    [GITLAB_EVENT_DATA] = {"action_name":"pushed to","author":{"avatar_url":"https://abc.cda.com/avatar/62e30f8b2d3cbc60ed22c217c5fa4e57?s=80&d=identicon","id":185,"name":"user1","state":"active","username":" user1","web_url":"https://dac.com/gitmirror"},"author_id":185,"author_username":" user1","created_at":"2018-11-13T22:30:30.340Z","project_id":553,"push_data":{"action":"pushed","commit_count":2,"commit_from":"da5a4fd97fd1f6b7c5a8611c12592eb5e9ff9e2b","commit_title":"Merge \"Fix bizservice popup display issue and switching org in bizs...","commit_to":"30d863ece3957aacc95ec45c7663c426c73f38f2","ref":"releases/FCS5_2_1","ref_type":"branch"},"serverIp":"172.30.35.11","serverName":"abc.com","target_id":null,"target_iid":null,"target_title":null,"target_type":null}

    Previous
    Next