
External Systems Configuration Guide

G42 Cloud


G42 is a cloud server platform that provides various services to its users.

Object Storage Service (OBS) is a G42 object-based storage service. It allows users to store and manage unstructured data, including log files, in a cost-effective and secure manner. All logs in G42 can be transferred to OBS.

Cloud Trace Service (CTS) is a log audit service for security. It allows you to collect, store, and query resource operation records. It can collect operations (Create/Upload/Delete log files) in OBS.

FortiSIEM can use the G42 REST API to get traces from CTS and, based on those traces, download the corresponding log files from OBS.

Support Added: FortiSIEM 7.1.0

Vendor Version Tested: Not Provided

Vendor: G42 Cloud

Product: Cloud Services

Product Information: https://www.g42cloud.com/#/

Configuration

Setup in G42

Complete these steps from G42 Console.

Generate a New Access Key

  1. Log in to the management console, point to the username in the upper right corner, and select My Credentials from the drop-down list.

  2. On the My Credentials page, you can find your Account Name and Project ID. The two attribute values will be used in FortiSIEM.

  3. On the My Credentials page, click the Access Keys tab.

  4. Click Create Access Key. In the dialog box that is displayed, enter the login password and verification code sent to your email or mobile phone.

  5. Make sure it has permission to access OBS.

  6. Click OK and download the generated Access Key/Secret Key (AK/SK) pair.

  7. Retain this information as the Access Key and Secret Key will be used in FortiSIEM setup later.

Create a Bucket in OBS

  1. Open the G42 OBS console.

  2. Click Create Bucket.

  3. Fill in the information on this page. Refer to the G42 document here for more details.

  4. Click Create Now.

Create a Tracker to Trace a Bucket

  1. Open the G42 CTS console.

  2. Navigate to/click Tracker List.

  3. Click Create Tracker.

    1. For OBS Bucket, select the OBS bucket created in Create a Bucket in OBS, and select Trace.

    2. For Operation, select Write.

    3. For the other pages, fill in as necessary. Refer to the G42 document here for more information.

  4. Click Create.

Setup in FortiSIEM

Start a Pulling Job by taking the following steps.

  1. Log in to FortiSIEM.

  2. Navigate to ADMIN > Device Support > Devices/Apps.

  3. Click New to create a new device type.

  4. In the Category drop-down list, select Device.

    In the Vendor field, enter the vendor name, e.g. "G42 Cloud".

  5. In the Model field, enter the device model, e.g. "G42 Cloud".

  6. In the Version field, enter the device version.

  7. In the Device/App Group drop-down list, expand Devices, and select a value, e.g. "Generic".

  8. From the Access Protocol drop-down list, select G42_OBS_WITH_CTS.

  9. Click Save.

Create a new Access Method Credential by taking the following steps.

  1. Go to the ADMIN > Setup > Credentials tab.
  2. In Step 1: Enter Credentials, click New to create a new credential.
    1. Follow the instructions in "Setting Credentials" in the User's Guide to create a new credential.
    2. Enter these settings in the Access Method Definition dialog box and click Save:

      Setting                          Description
      Name                             Enter a name for the credential.
      Device Type                      Select the device type you created earlier.
      Access Protocol                  G42_OBS_WITH_CTS
      Region (optional)                Enter the region where your G42 resides.
      Account Name                     Enter/paste the Account Name used when you generated your Access Key.
      Project Id                       Enter/paste the Project Id used when you generated your Access Key.
      Access Key                       Enter/paste your Access Key.
      Secret Key/Confirm Secret Key    Enter/paste your Secret Key.
      Tracker Name                     Enter the tracker name.
      Split JSON Log                   Check the Split JSON Log checkbox to enable.
      JSON Log Array Key Path          Leave this field empty.
      Log Keyword                      By default, a log keyword is provided, which is G42_AUDIT_LOG.
      Description                      Description of the device.
  3. In Step 2: Enter IP Range to Credential Associations, click New to create a mapping.
    1. Enter a host name, an IP, or an IP range in the IP/Host Name field.
    2. Select the name of your credential from the Credentials drop-down list.
    3. Click Save.
  4. Click the Test drop-down list and select Test Connectivity to test the connection to the server.
  5. Navigate to ADMIN > Setup > Pull Events to see the new job.
    Events can be queried from the ANALYTICS page.

Forwarding Logs to OBS

Forward G42 Audit Logs to OBS

G42 uses CTS to record operations on cloud service resources, enabling you to query, audit, and backtrack operations. CTS records the following:

  • Operations performed on the management console.

  • Operations performed by calling supported APIs.

  • Operations triggered by connected cloud services.

A tracker is automatically created when you enable CTS. This tracker identifies and associates with all cloud services your tenant account is using and records all operations of your tenant account.

The following steps allow you to forward logs to OBS.

  1. Open the CTS console.

  2. Navigate to Tracker List.

  3. Select tracker System.

  4. Click Configure.

  5. On the Configure Transfer page, select the bucket in which you want to keep logs.

  6. Click Next > Configure.

Upload Log File to OBS

Customers can upload log files manually.

  1. Open the G42 OBS console.

  2. Select your bucket.

  3. Click Upload and then click Add files.

  4. Select log files and click Upload.
    Note: The log files in OBS must be in gz or txt format.
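
A pre-upload check for the format note above, as an added example that is not part of the Fortinet guide or of FortiSIEM. It assumes a file must actually contain what its extension claims and that empty files are rejected (both are assumptions, not requirements stated by the guide); the function names and the sample files are constructed for illustration.

```python
import gzip
import tempfile
import zlib
from pathlib import Path

GZIP_MAGIC = b"\x1f\x8b"  # first two bytes of every gzip member

def check_log_file(path):
    """Return (ok, reason) for one file about to be uploaded to the bucket."""
    p = Path(path)
    suffix = p.suffix.lower()
    if suffix not in (".gz", ".txt"):
        return False, "extension is not .gz or .txt"
    if p.stat().st_size == 0:
        return False, "file is empty"  # assumption: nothing to ingest
    with p.open("rb") as fh:
        head = fh.read(2)
    if suffix == ".txt":
        if head == GZIP_MAGIC:
            return False, "named .txt but content is gzip"
        return True, "ok"
    if head != GZIP_MAGIC:
        return False, "named .gz but content is not gzip"
    try:
        # Decompress to the end so truncation and CRC errors surface here.
        with gzip.open(p, "rb") as gz:
            while gz.read(1 << 16):
                pass
    except (OSError, EOFError, zlib.error) as exc:
        return False, f"gzip stream is damaged: {exc}"
    return True, "ok"

def demo():
    """Run the check over constructed sample files (not real G42 logs)."""
    line = b'{"msg": "constructed sample line"}\n'
    blob = gzip.compress(line * 200)
    samples = {
        "audit.gz": blob,                       # valid gzip
        "truncated.gz": blob[: len(blob) // 2], # interrupted copy
        "renamed.gz": line,                     # plain text with a .gz name
        "manual.txt": line,                     # valid text
        "packed.txt": blob,                     # gzip with a .txt name
        "export.json": line,                    # unsupported extension
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            path = Path(tmp, name)
            path.write_bytes(data)
            results[name] = check_log_file(path)
    return results

if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```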
