Change Log

Overview

FortiSIEM Port Usage

Supported Devices and Applications by Vendor

Applications

Application Server

• Apache Tomcat
• IBM WebSphere
• Microsoft ASP.NET
• Oracle GlassFish Server
• Oracle WebLogic
• Red Hat JBoss

Authentication Server

• Cisco Access Control Server (ACS)
• Cisco Duo
• Cisco Identity Solution Engine (ISE)
• CyberArk Password Vault
• Fortinet FortiAuthenticator
• Juniper Networks Steel-Belted RADIUS
• Microsoft Internet Authentication Server (IAS)
• Microsoft Network Policy Server (RAS VPN)
• OneIdentity Safeguard
• Vasco DigiPass

Database Server

• IBM DB2 Server
• Microsoft SQL Server
• MySQL Server
• Oracle Database Server

DHCP and DNS Server

• Infoblox DNS/DHCP
• ISC BIND DNS
• Linux DHCP
• Microsoft DHCP (2003, 2008)
• Microsoft DNS (2003, 2008)

Directory Server

• Microsoft Active Directory

Document Management Server

• Microsoft SharePoint

Healthcare IT

• Epic EMR/EHR System

Mail Server

• Microsoft Exchange

Management Server/Appliance

• Cisco Application Centric Infrastructure (ACI)
• Fortinet FortiInsight
• Fortinet FortiManager
• HPE Integrated Lights-Out (iLO)
• VMware NSX for vSphere

Remote Desktop

• Citrix Receiver (ICA)

Source Code Control

• GitHub
• GitLab API
• GitLab CLI

Unified Communication Server

• Avaya Call Manager
• Cisco Call Manager
• Cisco Contact Center
• Cisco Presence Server
• Cisco Tandeberg Telepresence Video Communication Server (VCS)
• Cisco Telepresence Multipoint Control Unit (MCU)
• Cisco Telepresence Video Communication Server
• Cisco Unity Connection

Web Server

• Apache Web Server
• Microsoft IIS for Windows 2000 and 2003
• Microsoft IIS for Windows 2008
• NGINX Web Server

Blade Servers

• Cisco UCS Server
• HP BladeSystem

Cloud Access Security Broker (CASB)

• Fortinet FortiCASB
• Oracle Cloud Access Security Broker

Cloud Applications

• Alcide.io KAudit
• AWS Access Key IAM Permissions and IAM Policies
• AWS CloudTrail API
• AWS EC2
• AWS EC2 CloudWatch API
• AWS ELB
• AWS Kinesis
• AWS RDS
• AWS Security Hub
• AWS SQS
• AWS Simple Storage Service (S3)
• Box.com
• Cisco Umbrella
• Google Cloud Platform - Pub/Sub Integration
• Google Workspace (Formerly G Suite and Google Apps)
• Microsoft Azure Audit
• Microsoft Azure Compute
• Microsoft Azure Event Hub
• Microsoft Cloud App Security
• Microsoft Defender for Identity/Microsoft Azure ATP

• Microsoft Entra Identity Protection

• Microsoft Office365 Audit
• Okta
• Oracle Cloud Infrastructure
• Salesforce CRM Audit
• Zscaler Nanolog Streaming Service (NSS)

Console Access Devices

• Lantronix SLC Console Manager

Customer Relationship Management (CRM)

• Workday Enterrpise Suite (Report API via Generic HTTPS Poller)

End Point Security Software

• Bit9 Security Platform
• Bitdefender GravityZone
• Carbon Black Security Platform
• Cisco AMP Cloud V0
• Cisco AMP for Endpoints API V1
• Cisco Security Agent (CSA)
• CloudPassage Halo
• CrowdStrike Endpoint Security
• Cybereason
• Digital Guardian Code Green DLP
• ESET NOD32 Anti-Virus
• FortiClient
• Fortinet FortiEDR
• Kaspersky
• Malwarebytes Breach Remediation
• MalwareBytes EndPoint Protection
• McAfee ePolicy Orchestrator (ePO)
• Microsoft Defender for Endpoint/Microsoft Windows Defender ATP
• MobileIron Sentry and Connector
• Netwrix Auditor
• Palo Alto Traps Endpoint Security Manager
• SentinelOne
• Sophos Central
• Sophos Endpoint Security and Control
• Symantec Endpoint Protection
• Symantec SEPM
• Tanium Connect
• Trend Micro Interscan Web Filter
• Trend Micro Intrusion Defense Firewall (IDF)
• Trend Micro OfficeScan

Firewalls

• Check Point FireWall-1
• Check Point Provider-1
  • CLM for Check Point Provider-1
  • CMA for Check Point Provider-1
  • MDS for Check Point Provider-1
  • MLM for Check Point Provider-1
• Check Point VSX
• Cisco Adaptive Security Appliance (ASA)
• Cisco Firepower Threat Defense (FTD)
• Clavister Firewall
• Cyberoam Firewall
• Dell SonicWALL
• Fortinet FortiGate Firewall
• Hillstone Firewall
• Imperva SecureSphere Web App Firewall
• Juniper Networks SSG
• McAfee Firewall Enterprise (Sidewinder)
• Palo Alto Firewall
• Sophos UTM
• Stormshield Network Security
• Tigera Calico
• UserGate UTM Firewall
• WatchGuard Firebox

Load Balancers and Application Firewalls

• Barracuda Web Application Firewall
• Brocade ServerIron ADX
• Citrix Netscaler Application Delivery Controller (ADC)
• F5 Networks Application Security Manager
• F5 Networks Local Traffic Manager
• F5 Networks Web Accelerator
• Fortinet FortiADC
• Qualys Web Application Firewall
• Zscaler Cloud Firewall

Log Aggregators

• Fortinet FortiAnalyzer

Network Compliance Management Applications

• Cisco Network Compliance Manager
• PacketFence

Network Detection and Response (NDR)

• Fortinet FortiNDR (Formerly FortiAI)
• Zeek Network Security Monitor (Previously known as Bro)

Network Intrusion Detection System

• Microsoft Advanced Threat Analytics (ATA) On Premise Platform

Network Intrusion Prevention System

• 3COM TippingPoint UnityOne IPS
• AirTight Networks SpectraGuard
• Alert Logic IRIS API
• Armis Asset Intelligence Platform
• Cisco Firepower Management Center (FMC) - Formerly FireSIGHT and FirePower Threat Defense
• Cisco Intrusion Prevention System
• Cisco Stealthwatch
• Claroty Continuous Threat Detection
• Corero Smartwall Threat Defense System
• Cylance Protect Endpoint Protection
• Cyphort Cortex Endpoint Protection
• Damballa Failsafe
• Darktrace CyberIntelligence Platform
• Dragos Platform
• FireEye Malware Protection System (MPS)
• FortiDDoS
• Fortinet FortiDeceptor
• Fortinet FortiNAC
• Fortinet FortiSandbox
• Fortinet FortiTester
• IBM Internet Security Series Proventia
• Indegy Security Platform
• Juniper DDoS Secure
• Juniper Networks IDP Series
• McAfee Network Security Platform (Formerly McAfee IntruShield)
• McAfee Stonesoft IPS
• Motorola AirDefense
• Palo Alto Cortex XDR
• Radware DefensePro
• Snort Intrusion Prevention System
• Sourcefire 3D and Defense Center
• Trend Micro Deep Discovery
• Zeek (Bro) Installed on Security Onion

Operational Technology

• APC Netbotz Environmental Monitor
• APC UPS
• Claroty Continuous Threat Detection
• Dragos Platform
• Generic UPS
• Hirschmann SCADA Firewalls and Switches
• Liebert FPC
• Liebert HVAC
• Liebert UPS
• Microsoft Defender for IoT (Was CyberX OT/IoT Security)
• Nozomi Central Management Control
• Nozomi SCADAguardian
• OTORIO RAM2 (Risk Assessment, Monitoring and Management)