Stormshield Network Security
Integration Points
Protocol | Information Collected | Used For |
---|---|---|
Syslog | Firewall logs | Security and Compliance Monitoring |
Event Types
Go to RESOURCES > Event Type and search for "Stormshield-" in the Search... field of the main content panel to see the event types associated with this device.
Configuration
Configuring Stormshield to Send Logs
Follow the steps listed here, under the "Choose where to save logs" section, to save logs.
Configuring FortiSIEM to Receive Logs
No configuration is needed. FortiSIEM automatically detects and parses Stormshield logs using its built-in parser.
Sample Logs
id=firewall time="2019-02-24 16:38:01" fw="SN310A17B0323A7" tz=+0100 startime="2019-02-24 16:38:00" pri=5 confid=00 slotlevel=2 ruleid=4 rulename="1690fb96019_7" srcif="Ethernet0" srcifname="out" ipproto=udp proto=ssdp src=10.11.11.11 srcport=49907 srcportname=ephemeral_fw_udp srcname=user1 srcmac=11:11:11:11:11:11 dst=10.10.10.10 dstport=1900 dstportname=sdp ipv=4 sent=0 rcvd=0 duration=0.00 action=pass logtype="filter"
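To check what a Stormshield line contains before it reaches the SIEM, the key=value format of the sample above can be parsed as follows. This is an added example, not FortiSIEM's built-in parser; the function names and the output field names are hypothetical, and it assumes `tz` always has the signed `+HHMM` form shown in the sample.

```python
import re
from datetime import datetime, timedelta, timezone

# A token is key=value; the value is either "quoted" (may contain spaces) or a bare word.
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# The log line from the Sample Logs section above, split for readability.
SAMPLE = (
    'id=firewall time="2019-02-24 16:38:01" fw="SN310A17B0323A7" tz=+0100 '
    'startime="2019-02-24 16:38:00" pri=5 confid=00 slotlevel=2 ruleid=4 '
    'rulename="1690fb96019_7" srcif="Ethernet0" srcifname="out" ipproto=udp '
    'proto=ssdp src=10.11.11.11 srcport=49907 srcportname=ephemeral_fw_udp '
    'srcname=user1 srcmac=11:11:11:11:11:11 dst=10.10.10.10 dstport=1900 '
    'dstportname=sdp ipv=4 sent=0 rcvd=0 duration=0.00 action=pass logtype="filter"'
)

def parse_stormshield(line):
    """Split a key=value log line into a dict of strings (quotes removed)."""
    fields = {}
    for m in _PAIR.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields

def event_time(fields):
    """Combine the local 'time' with the 'tz' offset into an aware datetime."""
    tz = fields["tz"]  # assumed form: sign followed by HHMM, e.g. +0100
    sign = -1 if tz[0] == "-" else 1
    offset = sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[3:5]))
    local = datetime.strptime(fields["time"], "%Y-%m-%d %H:%M:%S")
    return local.replace(tzinfo=timezone(offset))

def normalize(line):
    """Return the fields a monitoring rule typically keys on, with time in UTC."""
    f = parse_stormshield(line)
    missing = [k for k in ("fw", "time", "tz", "action", "src", "dst") if k not in f]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return {
        "device": f["fw"],
        "utc_time": event_time(f).astimezone(timezone.utc).isoformat(),
        "action": f["action"],
        "rule": f.get("rulename"),
        "src": (f["src"], int(f.get("srcport", 0))),
        "dst": (f["dst"], int(f.get("dstport", 0))),
        "proto": f.get("proto") or f.get("ipproto"),
    }
```

Converting to UTC with the `tz` field matters when correlating these events with sources that log in a different time zone.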