Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • External Systems Configuration Guide

    Home FortiSIEM 7.1.2 External Systems Configuration Guide
    7.1.2
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.7
    7.1.6
    7.1.5
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.7.9
    6.7.8
    6.7.7
    6.7.6
    6.7.5
    6.7.4
    6.7.3
    6.7.2
    6.7.1
    6.7.0
    6.6.5
    6.6.4
    6.6.3
    6.6.2
    6.6.1
    6.6.0
    6.5.3
    6.5.2
    6.5.1
    6.5.0
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    6.1.0
    5.4.0
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.0.0

    Box.com

    Box/Box.com

    FortiSIEM Support Added: 4.7.2

    FortiSIEM Last Modification: 6.4.0

    Vendor Version Tested: Not Provided

    Vendor:Box

    Product Information: https://www.box.com/overview

    Integration Points

    Protocol Information Discovered Used For
    Box API Security and Compliance

    Box API Integration

    FortiSIEM can pull audit events from Box.com Cloud Service via Box API.

    Configuration

    Configuring Box.com Service

    Create an account to be used for FortiSIEM communication, taking note of the following:

    • A general account can pull user events
    • An Admin account can pull enterprise events
    • A unique Client ID and Client Secret can only start one job. It cannot be used to start multiple jobs.

    Take the following steps:

    1. Login to the Box developer's console at https://app.box.com/developers/console.

    2. Navigate to My Apps > Create New APP.

    3. Click Custom App.

    4. Select User Authentication (OAuth 2.0).

    5. In the App Name field, enter the application name.

    6. Click Create App.

    7. Under Configuration, make a record of the Client ID and Client Secret of the new application. This will be used when creating a credential in Configuring FortiSIEM.

    8. In the Redirect URI field, enter the URI in the following format:

      https://<supervisor_ip_address>:443/phoenix/boxAuth?custId=<ID>

      Example:

      https://10.10.10.10:443/phoenix/boxAuth?custId=2112

    9. Click Save Changes.

    Configuring FortiSIEM

    Use the account in previous step to enable FortiSIEM access. Complete these steps in the FortiSIEM UI:

    1. Go to the ADMIN > Setup > Credentials tab.
    2. In Step 1: Enter Credentials:
      1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
      2. Enter these settings in the Access Method Definition dialog box and click Save:

        Settings Description
        Name Enter a name for the credential
        Device Type Box.com Box
        Access Protocol Box API

        Client ID

        Provide the Client ID obtained in step 7 of Configuring Box.com Service.
        Note: A unique Client ID and Client Secret can only start one job. It cannot be used to start multiple jobs.

        Client Secret

        Provide the Client Secret obtained in step 7 of Configuring Box.com Service.

        AccountChoose Account as the email address for the account created while Configuring Box.com Service.
        Organization

        Choose the Organization if it is an MSP deployment and the same credential is to be used for multiple customers.

        Description Description of the device.
    3. After clicking Save, you will be redirected to the Box.com website. Enter the credentials for Box.com and click Authorize.
    4. Click Grant Access to Box. You should see that the authorization for FortiSIEM to access your Box account was successful.
    5. In Step 2: Enter IP Range to Credential Associations, click New.
      1. Select the Credential created in step 2a from the Credentials drop-down list.
      2. The IP/Host Name should automatically be set to api.box.com.
      3. Click Save.
    6. Select the entry from step 5, click the Test drop-down list and select Test Connectivity and make sure it succeeds, which implies that the credential is correct.
    7. An entry will be created in ADMIN > Setup > Pull Events corresponding to this event pulling job. FortiSIEM will start to pull events from Box.com Cloud Service using the Box.com API.
    8. To see the received events, go to ADMIN > Setup > Pull Events, select the Box.com entry and click Report. The system will take you to the ANALYTICS tab and run a query to display the events received from Box in the last 15 minutes. You can modify the time interval to get more events.
    Previous
    Next

    Box.com

    Box/Box.com

    FortiSIEM Support Added: 4.7.2

    FortiSIEM Last Modification: 6.4.0

    Vendor Version Tested: Not Provided

    Vendor:Box

    Product Information: https://www.box.com/overview

    Integration Points

    Protocol Information Discovered Used For
    Box API Security and Compliance

    Box API Integration

    FortiSIEM can pull audit events from Box.com Cloud Service via Box API.

    Configuration

    Configuring Box.com Service

    Create an account to be used for FortiSIEM communication, taking note of the following:

    • A general account can pull user events
    • An Admin account can pull enterprise events
    • A unique Client ID and Client Secret can only start one job. It cannot be used to start multiple jobs.

    Take the following steps:

    1. Login to the Box developer's console at https://app.box.com/developers/console.

    2. Navigate to My Apps > Create New APP.

    3. Click Custom App.

    4. Select User Authentication (OAuth 2.0).

    5. In the App Name field, enter the application name.

    6. Click Create App.

    7. Under Configuration, make a record of the Client ID and Client Secret of the new application. This will be used when creating a credential in Configuring FortiSIEM.

    8. In the Redirect URI field, enter the URI in the following format:

      https://<supervisor_ip_address>:443/phoenix/boxAuth?custId=<ID>

      Example:

      https://10.10.10.10:443/phoenix/boxAuth?custId=2112

    9. Click Save Changes.

    Configuring FortiSIEM

    Use the account in previous step to enable FortiSIEM access. Complete these steps in the FortiSIEM UI:

    1. Go to the ADMIN > Setup > Credentials tab.
    2. In Step 1: Enter Credentials:
      1. Follow the instructions in “Setting Credentials“ in the User's Guide to create a new credential.
      2. Enter these settings in the Access Method Definition dialog box and click Save:

        Settings Description
        Name Enter a name for the credential
        Device Type Box.com Box
        Access Protocol Box API

        Client ID

        Provide the Client ID obtained in step 7 of Configuring Box.com Service.
        Note: A unique Client ID and Client Secret can only start one job. It cannot be used to start multiple jobs.

        Client Secret

        Provide the Client Secret obtained in step 7 of Configuring Box.com Service.

        AccountChoose Account as the email address for the account created while Configuring Box.com Service.
        Organization

        Choose the Organization if it is an MSP deployment and the same credential is to be used for multiple customers.

        Description Description of the device.
    3. After clicking Save, you will be redirected to the Box.com website. Enter the credentials for Box.com and click Authorize.
    4. Click Grant Access to Box. You should see that the authorization for FortiSIEM to access your Box account was successful.
    5. In Step 2: Enter IP Range to Credential Associations, click New.
      1. Select the Credential created in step 2a from the Credentials drop-down list.
      2. The IP/Host Name should automatically be set to api.box.com.
      3. Click Save.
    6. Select the entry from step 5, click the Test drop-down list and select Test Connectivity and make sure it succeeds, which implies that the credential is correct.
    7. An entry will be created in ADMIN > Setup > Pull Events corresponding to this event pulling job. FortiSIEM will start to pull events from Box.com Cloud Service using the Box.com API.
    8. To see the received events, go to ADMIN > Setup > Pull Events, select the Box.com entry and click Report. The system will take you to the ANALYTICS tab and run a query to display the events received from Box in the last 15 minutes. You can modify the time interval to get more events.
    Previous
    Next