TABLE OF CONTENTS
FortiSIEM External Systems Configuration Guide Online

Change Log
Overview
FortiSIEM Port Usage
Supported Devices and Applications by Vendor
  Applications
    Application Server
      Apache Tomcat
      IBM WebSphere
      Microsoft ASP.NET
      Oracle GlassFish Server
      Oracle WebLogic
      Redhat JBOSS
    Authentication Server
      Cisco Access Control Server (ACS)
      Cisco Duo
      Cisco Identity Solution Engine (ISE)
      CyberArk Password Vault
      Fortinet FortiAuthenticator
      Juniper Networks Steel-Belted RADIUS
      Microsoft Internet Authentication Server (IAS)
      Microsoft Network Policy Server (RAS VPN)
      OneIdentity Safeguard
      Vasco DigiPass
    Database Server
      IBM DB2 Server
      Microsoft SQL Server
      MySQL Server
      Oracle Database Server
    DHCP and DNS Server
      Infoblox DNS/DHCP
      ISC BIND DNS
      Linux DHCP
      Microsoft DHCP (2003, 2008)
      Microsoft DNS (2003, 2008)
    Directory Server
      Microsoft Active Directory
    Document Management Server
      Microsoft SharePoint
    Healthcare IT
      Epic EMR/EHR System
    Mail Server
      Microsoft Exchange
    Management Server/Appliance
      Cisco Application Centric Infrastructure (ACI)
      FortiInsight
      Fortinet FortiManager
      HPE Integrated Lights-Out (iLO)
      VMware NSX for vSphere
    Remote Desktop
      Citrix Receiver (ICA)
    Source Code Control
      GitHub
      GitLab API
      GitLab CLI
    Unified Communication Server
      Avaya Call Manager
      Cisco Call Manager
      Cisco Contact Center
      Cisco Presence Server
      Cisco Tandberg Telepresence Video Communication Server (VCS)
      Cisco Telepresence Multipoint Control Unit (MCU)
      Cisco Telepresence Video Communication Server
      Cisco Unity Connection
    Web Server
      Apache Web Server
      Microsoft IIS for Windows 2000 and 2003
      Microsoft IIS for Windows 2008
      NGINX Web Server
  Blade Servers
    Cisco UCS Server
    HP BladeSystem
  Cloud Access Security Broker
    Fortinet FortiCASB
    Oracle Cloud Access Security Broker (CASB)
  Cloud Applications
    Alcide.io KAudit
    AWS Access Key IAM Permissions and IAM Policies
    AWS CloudTrail API
    Amazon AWS EC2
    AWS EC2 CloudWatch API
    AWS Elastic Load Balancer
    AWS Kinesis
    AWS RDS
    AWS Security Hub
    AWS Simple Queue Service (SQS)
    Amazon Simple Storage Service (AWS S3)
    Box.com
    Cisco Umbrella
    Google Cloud Platform - Pub/Sub Integration
    Google Workspace (Formerly G Suite and Google Apps)
    Microsoft Azure Audit
    Microsoft Azure Compute
    Microsoft Azure Event Hub
    Microsoft Cloud App Security
    Microsoft Defender for Identity/Microsoft Azure ATP
    Microsoft Entra Identity Protection
    Microsoft Office365 Audit
    Okta
      Adding Users from Okta
      Configuring Okta Authentication
      Logging In to Okta
      Setting Up External Authentication
    Oracle Cloud Infrastructure
    Salesforce CRM Audit
    Zscaler Nanolog Streaming Service (NSS)
  Console Access Devices
    Lantronix SLC Console Manager
  Customer Relationship Management
    Workday Enterprise Suite
  End Point Security Software
    Bit9 Security Platform
    Bitdefender GravityZone
    Carbon Black Security Platform
    Cisco AMP Cloud V0
    Cisco AMP Cloud V1
    Cisco Security Agent (CSA)
    CloudPassage Halo
    Crowdstrike
    Cybereason
    Digital Guardian CodeGreen DLP
    ESET NOD32 Anti-Virus
    FortiClient
    Fortinet FortiEDR
    Kaspersky
    Malwarebytes Breach Remediation
    MalwareBytes EndPoint Protection
    McAfee ePolicy Orchestrator (ePO)
    Microsoft Windows Defender ATP
    MobileIron Sentry and Connector
    Netwrix Auditor (via Correlog Windows Agent)
    Palo Alto Traps Endpoint Security Manager
    SentinelOne
    Sophos Central
    Sophos Endpoint Security and Control
    Symantec Endpoint Protection
    Symantec SEPM
    Tanium Connect
    Trend Micro Interscan Web Filter
    Trend Micro Intrusion Defense Firewall (IDF)
    Trend Micro OfficeScan
  Firewalls
    Check Point FireWall-1
    Check Point Provider-1 Firewall
      Configuring MDS for Check Point Provider-1 Firewalls
      Configuring MLM for Check Point Provider-1 Firewalls
      Configuring CMA for Check Point Provider-1 Firewalls
      Configuring CLM for Check Point Provider-1 Firewalls
    Check Point VSX Firewall
    Cisco Adaptive Security Appliance (ASA)
    Cisco Firepower Threat Defense (FTD)
    Clavister Firewall
    Cyberoam Firewall
    Dell SonicWALL Firewall
    Fortinet FortiGate Firewall
    Hillstone Firewall
    Imperva Securesphere Web App Firewall
    Juniper Networks SSG Firewall
    McAfee Firewall Enterprise (Sidewinder)
    Palo Alto Firewall
    Sophos UTM Firewall
    Stormshield Network Security
    Tigera Calico
    UserGate UTM Firewall
    WatchGuard Firebox Firewall
  Load Balancers and Application Firewalls
    Barracuda Web Application Firewall
    Brocade ServerIron ADX
    Citrix Netscaler Application Delivery Controller (ADC)
    F5 Networks Application Security Manager
    F5 Networks Local Traffic Manager
    F5 Networks Web Accelerator
    Fortinet FortiADC
    Qualys Web Application Firewall
    Zscaler Cloud Firewall
  Log Aggregators
    Fortinet FortiAnalyzer
  Network Compliance Management Applications
    Cisco Network Compliance Manager
    PacketFence Network Access Control (NAC) Integration
  Network Detection and Response (NDR)
    Fortinet FortiNDR (Formerly FortiAI)
    Zeek Network Security Monitor (Previously known as Bro)
  Network Intrusion Detection System
    Microsoft Advanced Threat Analytics (ATA) On Premise Platform
  Network Intrusion Prevention Systems (IPS)
    3COM TippingPoint UnityOne IPS
    AirTight Networks SpectraGuard
    Alert Logic IRIS API
    Armis Asset Intelligence Platform
    Cisco FireSIGHT and FirePower Threat Defense
    Cisco Intrusion Protection System
    Cisco Stealthwatch
    Claroty Continuous Threat Detection
    Corero Smartwall Threat Defense System
    Cylance Protect Endpoint Protection
    Cyphort Cortext Endpoint Protection
    Damballa Failsafe
    Darktrace CyberIntelligence Platform
    Dragos Platform
    FireEye Malware Protection System (MPS)
    FortiDDoS
    Fortinet FortiDeceptor
    Fortinet FortiNAC
    Fortinet FortiSandbox
    Fortinet FortiTester
    IBM Internet Security Series Proventia
    Juniper DDoS Secure
    Juniper Networks IDP Series
    McAfee Network Security Platform (Formerly McAfee IntruShield)
    McAfee Stonesoft IPS
    Motorola AirDefense
    Nozomi
    Palo Alto Cortex XDR
    Radware DefensePro
    Snort Intrusion Prevention System
    Sourcefire 3D and Defense Center
    Trend Micro Deep Discovery
    Zeek (Bro) installed on Security Onion
  Operational Technology
    APC Netbotz Environmental Monitor
    APC UPS
    Claroty Continuous Threat Detection
    Dragos Platform
    Generic UPS
    Hirschmann SCADA Firewalls and Switches
    Liebert FPC
    Liebert HVAC
    Liebert UPS
    Microsoft Defender for IoT (Was CyberX OT/IoT Security)
    Nozomi Central Management Control
    Nozomi SCADAguardian
    OTORIO RAM2 (Risk Assessment, Monitoring and Management)
  Routers and Switches
    Alcatel TiMOS and AOS Switch
    Arista Router and Switch
    ArubaOS-CX Switching Platform
    Brocade NetIron CER Routers
    Cisco 300 Series Routers
    Cisco IOS Router and Switch
      How CPU and Memory Utilization is Collected for Cisco IOS
    Cisco Meraki Cloud Controller and Network Devices
    Cisco NX-OS Router and Switch
    Cisco ONS
    Cisco Viptela SDWAN Router
    Dell Force10 Router and Switch
    Dell NSeries Switch
    Dell PowerConnect Switch and Router
    Foundry Networks IronWare Router and Switch
    HP/3Com ComWare Switch
    HP ProCurve Switch
    HP Value Series (19xx) and HP 3Com (29xx) Switch
    Hirschmann SCADA Firewalls and Switches
    Juniper Networks JunOS Switch
    MikroTik Router
    Nortel ERS and Passport Switch
  Security Gateways
    Barracuda Networks Spam Firewall
    Blue Coat Web Proxy
    Cisco IronPort Mail Gateway
    Cisco IronPort Web Gateway
    Fortinet FortiMail
    Fortinet FortiProxy
    Fortinet FortiWeb
    Imperva Securesphere DB Monitoring Gateway
    Imperva Securesphere Security Gateway
    McAfee Vormetric Data Security Manager
    McAfee Web Gateway
    Microsoft ISA Server
    Proofpoint
    Squid Web Proxy
    SSH Comm Security CryptoAuditor
    Websense Web Filter
  Security Information and Event Management
    SAP Enterprise Threat Detection (ETD)
  Security Orchestration (SOAR)
    Fortinet FortiSOAR
  Servers and Workstations
    Apple MacOS Server
    HP UX Server
    IBM AIX Server
    IBM OS400 Server
    Linux Server
    Microsoft Windows Server
    QNAP Turbo NAS
    Sun Solaris Server
  Storage
    Brocade SAN Switch
    Dell Compellent Storage
    Dell EqualLogic Storage
    EMC Clarion Storage
    EMC Isilon Storage
    EMC VNX Storage
    NetApp DataOnTap
    NetApp Filer Storage
    Nimble Storage
    Nutanix Storage
  Threat Intelligence
    FortiInsight
    Lastline
    ThreatConnect
  Virtualization
    HyperV
    HyTrust CloudControl
    KVM
    Nutanix Prism
    VMware ESX
  VPN Gateways
    Cisco VPN 3000 Gateway
    Cyxtera AppGuard
    Juniper Networks SSL VPN Gateway
    Microsoft PPTP VPN Gateway
    Pulse Secure
  Vulnerability Scanners
    AlertLogic
    Digital Defense Frontline Vulnerability Manager
    Green League WVSS
    McAfee Vulnerability Manager (Formerly McAfee Foundstone Vulnerability Scanner)
    Qualys QualysGuard Scanner
    Qualys Vulnerability Scanner
    Rapid7 NeXpose Vulnerability Scanner (Vulnerability Management On-Premises)
    Rapid7 InsightVM (Platform Based Vulnerability Management)
    Tenable.io
    Tenable Nessus Vulnerability Scanner
    Tenable Security Center
    YXLink Vulnerability Scanner
  WAN Accelerators
    Cisco Wide Area Application Server
    Riverbed SteelHead WAN Accelerator
  Wireless LANs
    Aruba Networks Wireless LAN
    Cisco Wireless LAN
    CradlePoint
    FortiAP
    FortiWLC
    Motorola WiNG WLAN AP
    Ruckus Wireless LAN
    Ubiquiti
Generic Log API Poller (HTTPS_ADVANCED) Integration
Ingesting JSON Formatted Events Received via HTTP(S) POST
Using Virtual IPs to Access Devices in Clustered Environments
Syslog over TLS
SNMP V3 Traps
Flow Support
Appendix
  CyberArk to FortiSIEM Log Converter XSL
  Access Credentials