Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 6.6.3 External Systems Configuration Guide
    6.6.3
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    Oracle Cloud Access Security Broker (CASB)

    Oracle Cloud Access Security Broker (CASB)

    What is Discovered and Monitored

    Protocol Information Discovered Metrics Collected Used For
    API Risk Events, Risk Alerts and Policy Event logs Security Monitoring

    Event Types

    In ADMIN > Device Support > Event Types, search for "Oracle-CASB-" to see the event types associated with this device. In FortiSIEM 6.2.0, there are 3 event types defined.

    Rules

    There are no specific rules available for Oracle CASB.

    Reports

    There are no specific reports available for Oracle CASB. You can view all Oracle events by taking the following steps.

    1. From the ANALYTICS page, click in the Edit Filters and Time Range field.
    2. Under Filter, select Event Attribute.
    3. In the Attribute field, select/enter "Event Type".
    4. In the Operator field, select "CONTAIN".
    5. In the Value field, enter "Oracle-CASB-".
    6. (Optional) Click Save to save the search parameters for future related searches.
    7. Click Apply & Run.

    Configuration

    Setup in FortiSIEM

    FortiSIEM processes events from this via the Oracle CASB API. Configure and obtain from the Oracle CASB Portal, the access key and secret from the API before proceeding.

    Complete these steps in the FortiSIEM UI:

    1. Go to the ADMIN > Setup > Credentials tab.
    2. In Step 1: Enter Credentials:
      1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
      2. Enter these settings in the Access Method Definition dialog box:

        SettingsDescription
        NameEnter a name for the credential.
        Device TypeOracle CASB
        Access ProtocolOracle CASB API
        Pull Interval5 minutes
        Access KeyThe access key for your Oracle CASB instance.
        Secret KeyThe secret key for Oracle CASB instance.

        Confirm Secret Key

        Input the same secret key as above for verification.

        DescriptionDescription about the device
    3. In Step 2: Enter IP Range to Credential Associations, click New.
      1. Enter a host name, an IP, or an IP range in the IP/Host Name field.
      2. Select the name of your credential from the Credentials drop-down list.
      3. Click Save.
    4. Click the Test drop-down list and select Test Connectivity to test the connection to Oracle CASB.
    5. To see the jobs associated with Oracle CASB, select ADMIN > Setup > Pull Events.
    6. To see the received events select ANALYTICS, then enter "CASB" in the search box.

    Sample Log

    <![CDATA[[FSM-OracleCASB-riskevent] [1] {"id":"aa1nhj35-6d84-3f5a-a9b5-3e1509bad324","uri":"/v1/events/riskevent?eventId=aa1eab35-6d84-3f5a-a9b5-3e1509bad324&applicationInstanceId;=5786ed4c-3527-413d-8j19-da93d0f065c8","appname":"AWS","appinstance":"awse2e_01","appinstanceid":"64909d3d-3855-5de1-49ed-6452ae9f6365","snapdate":"2017-10-25","title":"DeleteSecurityGroup action in EC2 SecurityGroup \"SecurityGroup\"","additionalDetails":[{"Details":[{"name":"Actor","value":"funct_test_nonservice"},{"name":"Resource type","value":"EC2 SecurityGroup"},{"name":"Group","value":"SecurityGroup"},{"name":"Resource name","value":"[JKSecurityGroup]"},{"name":"Action","value":"DeleteSecurityGroup"},{"name":"Policy alert name","value":"EC2 - Instances Network Routes Network ACL VPN and Security Group changes"},{"name":"Occurred","value":"2017-10-25T17:17:29Z"},{"name":"recommendationkey","value":"AWS~PolicyAlert~ec2deletesecuritygroup"}],"Logdata":"{\"requestParameters\" :{\"groupName\" :\"SecurityGroup\"},\"responseElements\" :{\"_return\" :true},\"eventVersion\" :\"1.05\",\"eventTime\" :\"2017-10-25T17:17:29Z\",\"eventSource\" :\"ec2.amazonaws.com\",\"eventName\" :\"DeleteSecurityGroup\",\"awsRegion\" :\"us-east-1\",\"sourceIPAddress\" :\"54.191.225.186\",\"userAgent\" :\"aws-sdk-java/1.10.54 Linux/3.13.0-35-generic Java_HotSpot(TM)_64-Bit_Server_VM/25.60-b23/1.8.0_60\",\"userIdentity\" :{\"type\" :\"IAMUser\",\"principalId\" :\"BGHAJVECQI6KOIYZMM42A\",\"arn\" :\"arn:aws:iam::141111463221:user/funct_test_nonservice\",\"accountId\" :\"141111462111\",\"accessKeyId\" :\"BJKFJ4J6OYTZDBHN3KA\",\"userName\" :\"funct_test_nonservice\"},\"requestID\" :\"bc44cd99-fac7-4e6c-8868-382c26fc95ee\",\"eventID\" :\"664d6fa8-8bdf-4bda-af5c-55d447620a78\"}"}],"category":"Policy alert","priority":"High","status":"Open","createdon":"2017-10-25T17:33:55.000Z","realeventtime":"2017-10-25T17:17:29.000Z"}]]>
    Previous
    Next

    Oracle Cloud Access Security Broker (CASB)

    Oracle Cloud Access Security Broker (CASB)

    What is Discovered and Monitored

    Protocol Information Discovered Metrics Collected Used For
    API Risk Events, Risk Alerts and Policy Event logs Security Monitoring

    Event Types

    In ADMIN > Device Support > Event Types, search for "Oracle-CASB-" to see the event types associated with this device. In FortiSIEM 6.2.0, there are 3 event types defined.

    Rules

    There are no specific rules available for Oracle CASB.

    Reports

    There are no specific reports available for Oracle CASB. You can view all Oracle events by taking the following steps.

    1. From the ANALYTICS page, click in the Edit Filters and Time Range field.
    2. Under Filter, select Event Attribute.
    3. In the Attribute field, select/enter "Event Type".
    4. In the Operator field, select "CONTAIN".
    5. In the Value field, enter "Oracle-CASB-".
    6. (Optional) Click Save to save the search parameters for future related searches.
    7. Click Apply & Run.

    Configuration

    Setup in FortiSIEM

    FortiSIEM processes events from this via the Oracle CASB API. Configure and obtain from the Oracle CASB Portal, the access key and secret from the API before proceeding.

    Complete these steps in the FortiSIEM UI:

    1. Go to the ADMIN > Setup > Credentials tab.
    2. In Step 1: Enter Credentials:
      1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
      2. Enter these settings in the Access Method Definition dialog box:

        SettingsDescription
        NameEnter a name for the credential.
        Device TypeOracle CASB
        Access ProtocolOracle CASB API
        Pull Interval5 minutes
        Access KeyThe access key for your Oracle CASB instance.
        Secret KeyThe secret key for Oracle CASB instance.

        Confirm Secret Key

        Input the same secret key as above for verification.

        DescriptionDescription about the device
    3. In Step 2: Enter IP Range to Credential Associations, click New.
      1. Enter a host name, an IP, or an IP range in the IP/Host Name field.
      2. Select the name of your credential from the Credentials drop-down list.
      3. Click Save.
    4. Click the Test drop-down list and select Test Connectivity to test the connection to Oracle CASB.
    5. To see the jobs associated with Oracle CASB, select ADMIN > Setup > Pull Events.
    6. To see the received events select ANALYTICS, then enter "CASB" in the search box.

    Sample Log

    <![CDATA[[FSM-OracleCASB-riskevent] [1] {"id":"aa1nhj35-6d84-3f5a-a9b5-3e1509bad324","uri":"/v1/events/riskevent?eventId=aa1eab35-6d84-3f5a-a9b5-3e1509bad324&applicationInstanceId;=5786ed4c-3527-413d-8j19-da93d0f065c8","appname":"AWS","appinstance":"awse2e_01","appinstanceid":"64909d3d-3855-5de1-49ed-6452ae9f6365","snapdate":"2017-10-25","title":"DeleteSecurityGroup action in EC2 SecurityGroup \"SecurityGroup\"","additionalDetails":[{"Details":[{"name":"Actor","value":"funct_test_nonservice"},{"name":"Resource type","value":"EC2 SecurityGroup"},{"name":"Group","value":"SecurityGroup"},{"name":"Resource name","value":"[JKSecurityGroup]"},{"name":"Action","value":"DeleteSecurityGroup"},{"name":"Policy alert name","value":"EC2 - Instances Network Routes Network ACL VPN and Security Group changes"},{"name":"Occurred","value":"2017-10-25T17:17:29Z"},{"name":"recommendationkey","value":"AWS~PolicyAlert~ec2deletesecuritygroup"}],"Logdata":"{\"requestParameters\" :{\"groupName\" :\"SecurityGroup\"},\"responseElements\" :{\"_return\" :true},\"eventVersion\" :\"1.05\",\"eventTime\" :\"2017-10-25T17:17:29Z\",\"eventSource\" :\"ec2.amazonaws.com\",\"eventName\" :\"DeleteSecurityGroup\",\"awsRegion\" :\"us-east-1\",\"sourceIPAddress\" :\"54.191.225.186\",\"userAgent\" :\"aws-sdk-java/1.10.54 Linux/3.13.0-35-generic Java_HotSpot(TM)_64-Bit_Server_VM/25.60-b23/1.8.0_60\",\"userIdentity\" :{\"type\" :\"IAMUser\",\"principalId\" :\"BGHAJVECQI6KOIYZMM42A\",\"arn\" :\"arn:aws:iam::141111463221:user/funct_test_nonservice\",\"accountId\" :\"141111462111\",\"accessKeyId\" :\"BJKFJ4J6OYTZDBHN3KA\",\"userName\" :\"funct_test_nonservice\"},\"requestID\" :\"bc44cd99-fac7-4e6c-8868-382c26fc95ee\",\"eventID\" :\"664d6fa8-8bdf-4bda-af5c-55d447620a78\"}"}],"category":"Policy alert","priority":"High","status":"Open","createdon":"2017-10-25T17:33:55.000Z","realeventtime":"2017-10-25T17:17:29.000Z"}]]>
    Previous
    Next