External Systems Configuration Guide

Cyberoam Firewall

Integration Points

| Method | Information discovered | Metrics collected | LOGs collected | Used for |
|---|---|---|---|---|
| Syslog | Host name, Reporting IP | None | Connection – permit and deny, system events, malware events | Security monitoring |

Event Types

In ADMIN > Device Support > Event Types, search for "Cyberoam" to see the event types associated with this device.

Rules

No specific rules are written for Cyberoam firewall but generic firewall rules will apply.

Reports

No specific reports are written for Cyberoam firewall but generic firewall rules will apply.

Configuration

Configure Cyberoam firewall to send logs to FortiSIEM in the supported format (see Sample Events).

Settings for Access Credentials

None required.

Sample Events

<30>date=2019-07-10 time=11:06:48 timezone="GMT" device_name="CR50iNG" device_id=C162213098933-QQ6REI
log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed"
status="Allow" priority=Information duration=0 fw_rule_id=12 user_name="" user_gp="" iap=1
ips_policy_id=0 appfilter_policy_id=1 application="" application_risk=0 application_technology=""
application_category="" in_interface="PortA" out_interface="" src_mac=00: 0:00: 0:10: 0
src_ip=10.0.70.17 src_country_code=AP dst_ip=1.1.1.1 dst_country_code=IRL protocol="TCP"
src_port=61244 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0
tran_dst_ip=10.0.0.13 tran_dst_port=8080 srczonetype="LAN" srczone="ZONE1"
dstzonetype="WAN" dstzone="WAN" dir_disp="" connevent="Start" connid="3340934816" vconnid=""
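
Added example (not part of the FortiSIEM documentation and not Fortinet's parser): a small Python parser for the key=value syslog format of the sample event, which can be used to check that a device's output matches the supported format. It handles the quoted, empty, and space-containing bare values that appear in the sample. The function names and the rule that any status other than "Allow" counts as not permitted are assumptions.

```python
import ipaddress
import re

SAMPLE = (  # the sample event from this page, joined back into one syslog line
    '<30>date=2019-07-10 time=11:06:48 timezone="GMT" device_name="CR50iNG" '
    'device_id=C162213098933-QQ6REI log_id=010101600001 log_type="Firewall" '
    'log_component="Firewall Rule" log_subtype="Allowed" status="Allow" '
    'priority=Information duration=0 fw_rule_id=12 user_name="" user_gp="" iap=1 '
    'ips_policy_id=0 appfilter_policy_id=1 application="" application_risk=0 '
    'application_technology="" application_category="" in_interface="PortA" '
    'out_interface="" src_mac=00: 0:00: 0:10: 0 src_ip=10.0.70.17 '
    'src_country_code=AP dst_ip=1.1.1.1 dst_country_code=IRL protocol="TCP" '
    'src_port=61244 dst_port=443 sent_pkts=0 recv_pkts=0 sent_bytes=0 recv_bytes=0 '
    'tran_src_ip= tran_src_port=0 tran_dst_ip=10.0.0.13 tran_dst_port=8080 '
    'srczonetype="LAN" srczone="ZONE1" dstzonetype="WAN" dstzone="WAN" '
    'dir_disp="" connevent="Start" connid="3340934816" vconnid=""'
)

PRI_RE = re.compile(r"^<(\d{1,3})>")
# A value is either quoted, or bare text running up to the next " key=" (bare
# values may be empty, as in tran_src_ip=, or contain spaces, as in src_mac).
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(.*?))(?=\s+\w+=|\s*$)')
INT_FIELDS = ("duration", "fw_rule_id", "src_port", "dst_port", "tran_src_port",
              "tran_dst_port", "sent_pkts", "recv_pkts", "sent_bytes", "recv_bytes")
IP_FIELDS = ("src_ip", "dst_ip", "tran_src_ip", "tran_dst_ip")

def valid_ip(text):
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None  # empty or malformed address

def parse_cyberoam(line):
    """Parse one key=value syslog line into a dict with typed fields."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing syslog PRI header")
    pri = int(m.group(1))
    event = {k: quoted or bare for k, quoted, bare in KV_RE.findall(line[m.end():])}
    for key in INT_FIELDS:
        if event.get(key, "").isdigit():
            event[key] = int(event[key])
    for key in IP_FIELDS:
        event[key] = valid_ip(event.get(key, ""))
    event["facility"], event["severity"] = pri >> 3, pri & 7  # PRI = facility*8 + severity
    # Assumption: any status other than "Allow" is treated as not permitted.
    event["permitted"] = event.get("status") == "Allow"
    return event
```

Identifier-like fields such as log_id and connid are kept as strings so that leading zeros survive.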
