External Systems Configuration Guide

GitHub

Integration Points

| Protocol   | Information collected       | Used for                |
|------------|-----------------------------|-------------------------|
| GitHub API | Logs from the GitHub Service | Security and Compliance |

Event Types

In ADMIN > Device Support > Event Types, search for "GitHub" to see the event types associated with this device.

Rules

In RESOURCES > Rules, search for "GitHub" in the main content panel Search... field to see the rules associated with this device.

Reports

In RESOURCES > Reports, search for "GitHub" in the main content panel Search... field to see the reports associated with this device.

Configuration

Configuring GitHub Server

Create an account to be used for FortiSIEM communication.

Configuring FortiSIEM

Use the account created in the previous step to enable FortiSIEM access.

  1. Log in to FortiSIEM.
  2. Go to ADMIN > Setup > Credentials.
  3. In Step 1: Enter Credentials, click New to create a GitHub credential.
  4. Enter these settings in the Access Method Definition dialog box:

    | Settings               | Description |
    |------------------------|-------------|
    | Name                   | Enter a name for the credential |
    | Device Type            | GitHub.com GitHub |
    | Access Protocol        | GitHub API |
    | Pull Interval          | The interval in which FortiSIEM will pull events. Default is 5 minutes. |
    | Password Config        | See Password Configuration |
    | User Name and Password | Enter the user name and password for the account created while Configuring GitHub Server. |
    | Organization           | Choose the Organization if it is an MSP deployment and the same credential has to be used for multiple customers. |
    | Description            | Description of the device |
  5. In Step 2: Enter IP Range to Credential Associations, click New.
    1. Set IP/Host Name to the IP address of the GitHub Server.
    2. Select the Credential created in steps 3 and 4.
    3. Click Save.
  6. Select the entry in step 3 above, click the Test drop-down list, and select Test Connectivity.
  7. After Test Connectivity succeeds, an entry will be created in ADMIN > Setup > Pull Events corresponding to this event pulling job. FortiSIEM will start to pull events from the GitHub server using the API.

To test for received GitHub events:

  1. Go to ADMIN > Setup > Pull Events.
  2. Select the GitHub entry and click Report.

The system will take you to the ANALYTICS tab and run a query to display the events received from GitHub in the last 15 minutes. You can modify the time interval to get more events.
