Fortinet white logo

External Systems Configuration Guide

TABLE OF CONTENTS

FortiSIEM External Systems Configuration Guide Online
Change Log
Overview
FortiSIEM Port Usage
Supported Devices and Applications by Vendor
Applications
Application Server
Apache Tomcat
IBM WebSphere
Microsoft ASP.NET
Oracle GlassFish Server
Oracle WebLogic
Redhat JBOSS
Authentication Server
Cisco Access Control Server (ACS)
Cisco Duo
Cisco Identity Solution Engine (ISE)
CyberArk Password Vault
Fortinet FortiAuthenticator
Juniper Networks Steel-Belted RADIUS
Microsoft Internet Authentication Server (IAS)
Microsoft Network Policy Server (RAS VPN)
OneIdentity Safeguard
Vasco DigiPass
Database Server
IBM DB2 Server
Microsoft SQL Server
MySQL Server
Oracle Database Server
DHCP and DNS Server
Infoblox DNS/DHCP
ISC BIND DNS
Linux DHCP
Microsoft DHCP (2003, 2008)
Microsoft DNS (2003, 2008)
Directory Server
Microsoft Active Directory
Document Management Server
Microsoft SharePoint
Healthcare IT
Epic EMR/EHR System
Mail Server
Microsoft Exchange
Management Server/Appliance
Cisco Application Centric Infrastructure (ACI)
Fortinet FortiManager
HPE Integrated Lights-Out (iLO)
SolarWinds Orion
VMware NSX for vSphere
Remote Desktop
Citrix Receiver (ICA)
Source Code Control
GitHub
GitLab
GitLab API
GitLab CLI
Unified Communication Server
Avaya Call Manager
Cisco Call Manager
Cisco Contact Center
Cisco Presence Server
Cisco Tandberg Telepresence Video Communication Server (VCS)
Cisco Telepresence Multipoint Control Unit (MCU)
Cisco Telepresence Video Communication Server
Cisco Unity Connection
Web Server
Apache Web Server
Microsoft IIS for Windows 2000 and 2003
Microsoft IIS for Windows 2008
NGINX Web Server
Blade Servers
Cisco UCS Server
HP BladeSystem
Cloud Access Security Broker
Fortinet FortiCASB
Oracle Cloud Access Security Broker (CASB)
Cloud Applications
Akamai Connected Cloud
Alicide.io KAudit
Atlassian Beacon
AWS Access Key IAM Permissions and IAM Policies
AWS CloudTrail API
Amazon AWS EC2
AWS EC2 CloudWatch API
AWS Elastic Load Balancer
AWS Kinesis
AWS RDS
AWS Security Hub
AWS Simple Queue Service (SQS)
Amazon Simple Storage Service (AWS S3)
Box.com
Cisco Umbrella
G42 Cloud
Google Cloud Platform - Pub/Sub Integration
Google Workspace (Formerly G Suite and Google Apps)
Microsoft Azure Audit
Microsoft Azure Compute
Microsoft Azure Event Hub
Microsoft Cloud App Security
Microsoft Defender for Identity/Microsoft Azure ATP
Microsoft Entra Identity Protection
Microsoft Office365 Audit
Okta
Adding Users from Okta
Configuring Okta Authentication
Logging In to Okta
Setting Up External Authentication
Oracle Cloud Infrastructure
Salesforce CRM Audit
Zscaler Nanolog Streaming Service (NSS)
Cloud Email Security Gateway (Mail Gateway / Mail Firewall)
Mimecast Cloud Gateway
Console Access Devices
Lantronix SLC Console Manager
Customer Relationship Management
Workday Enterprise Suite
Digital Risk Protection
Fortinet FortiRecon
End Point Security Software
Bit9 Security Platform
Bitdefender GravityZone
Carbon Black Security Platform
Cisco AMP Cloud V0
Cisco AMP Cloud V1
Cisco Security Agent (CSA)
CloudPassage Halo
Crowdstrike
Cybereason
Digital Guardian CodeGreen DLP
ESET NOD32 Anti-Virus
FortiClient
FortiClient EMS
Fortinet FortiEDR
Kaspersky
Malwarebytes Breach Remediation
MalwareBytes EndPoint Protection
McAfee ePolicy Orchestrator (ePO)
Microsoft Windows Defender ATP
MobileIron Sentry and Connector
Netwrix Auditor (via Correlog Windows Agent)
Palo Alto Traps Endpoint Security Manager
SentinelOne
Sophos Central
Sophos Endpoint Security and Control
Symantec Endpoint Protection
Symantec SEPM
Tanium Connect
Trend Micro Interscan Web Filter
Trend Micro Intrusion Defense Firewall (IDF)
Trend Micro OfficeScan
Trend Vision One
Firewalls
Check Point FireWall-1
Check Point Provider-1 Firewall
Configuring MDS for Check Point Provider-1 Firewalls
Configuring MLM for Check Point Provider-1 Firewalls
Configuring CMA for Check Point Provider-1 Firewalls
Configuring CLM for Check Point Provider-1 Firewalls
Check Point VSX Firewall
Cisco Adaptive Security Appliance (ASA)
Cisco Firepower Threat Defense (FTD)
Clavister Firewall
Cyberoam Firewall
Dell SonicWALL Firewall
Fortinet FortiGate Firewall
Hillstone Firewall
Imperva Securesphere Web App Firewall
Juniper Networks SSG Firewall
McAfee Firewall Enterprise (Sidewinder)
Palo Alto Firewall
Sophos UTM Firewall
Stormshield Network Security
Tigera Calico
UserGate UTM Firewall
WatchGuard Firebox Firewall
Load Balancers and Application Firewalls
Barracuda Web Application Firewall
Brocade ServerIron ADX
Citrix Netscaler Application Delivery Controller (ADC)
F5 Networks Application Security Manager
F5 Networks Local Traffic Manager
F5 Networks Web Accelerator
Fortinet FortiADC
Qualys Web Application Firewall
Zscaler Cloud Firewall
Log Aggregators
Fortinet FortiAnalyzer
Network Access Control
Fortinet FortiNAC
HPE Aruba Networking ClearPass Policy Manager
Network Compliance Management Applications
Cisco Network Compliance Manager
PacketFence Network Access Control (NAC) Integration
Network Detection and Response (NDR)
Fortinet FortiNDR (Formerly FortiAI)
Fortinet FortiNDR Cloud
Zeek Network Security Monitor (Previously known as Bro)
Network Intrusion Detection System
Microsoft Advanced Threat Analytics (ATA) On Premise Platform
Network Intrusion Prevention Systems (IPS)
3COM TippingPoint UnityOne IPS
AirTight Networks SpectraGuard
Alert Logic IRIS API
Armis Asset Intelligence Platform
Cisco FireSIGHT and FirePower Threat Defense
Cisco Intrusion Protection System
Cisco Stealthwatch
Claroty Continuous Threat Detection
Corero Smartwall Threat Defense System
Cylance Protect Endpoint Protection
Cyphort Cortext Endpoint Protection
Damballa Failsafe
Darktrace CyberIntelligence Platform
Dragos Platform
FireEye Malware Protection System (MPS)
FortiDDoS
Fortinet FortiDeceptor
Fortinet FortiSandbox
Fortinet FortiTester
IBM Internet Security Series Proventia
Juniper DDoS Secure
Juniper Networks IDP Series
McAfee Network Security Platform (formerly McAfee IntruShield)
McAfee Stonesoft IPS
Motorola AirDefense
Nozomi
Palo Alto Cortex XDR
Radware DefensePro
Snort Intrusion Prevention System
Sourcefire 3D and Defense Center
Trend Micro Deep Discovery
Zeek (Bro) installed on Security Onion
Operational Technology
APC Netbotz Environmental Monitor
APC UPS
Claroty Continuous Threat Detection
Dragos Platform
Generic UPS
Hirschmann SCADA Firewalls and Switches
Liebert FPC
Liebert HVAC
Liebert UPS
Microsoft Defender for IoT (Was CyberX OT/IoT Security)
Nozomi Central Management Control
Nozomi SCADAguardian
OTORIO RAM2 (Risk Assessment, Monitoring and Management)
Privileged Access Management
Fortinet FortiPAM
Routers and Switches
Alcatel TiMOS and AOS Switch
Arista Router and Switch
ArubaOS-CX Switching Platform
Brocade NetIron CER Routers
Cisco 300 Series Routers
Cisco IOS Router and Switch
How CPU and Memory Utilization is Collected for Cisco IOS
Cisco Meraki Cloud Controller and Network Devices
Cisco NX-OS Router and Switch
Cisco ONS
Cisco Viptela SDWAN Router
Dell Force10 Router and Switch
Dell NSeries Switch
Dell PowerConnect Switch and Router
Foundry Networks IronWare Router and Switch
HP/3Com ComWare Switch
HP ProCurve Switch
HP Value Series (19xx) and HP 3Com (29xx) Switch
Hirschmann SCADA Firewalls and Switches
Juniper Networks JunOS Switch
MikroTik Router
Nortel ERS and Passport Switch
Security Gateways
Barracuda Networks Spam Firewall
Blue Coat Web Proxy
Cisco IronPort Mail Gateway
Cisco IronPort Web Gateway
Fortinet FortiMail
Fortinet FortiProxy
Fortinet FortiWeb
Imperva Securesphere DB Monitoring Gateway
Imperva Securesphere Security Gateway
McAfee Web Gateway
Microsoft ISA Server
Proofpoint
Squid Web Proxy
SSH Comm Security CryptoAuditor
Thales Vormetric Data Security Manager
Websense Web Filter
Security Information and Event Management
SAP Enterprise Threat Detection (ETD)
Security Orchestration (SOAR)
Fortinet FortiSOAR
Servers and Workstations
Apple MacOS Server
HP UX Server
IBM AIX Server
IBM OS400 Server
Linux Server
Microsoft Windows Server via OMI/SNMP/WMI
Microsoft Windows Server via Agent
QNAP Turbo NAS
Sun Solaris Server
Storage
Brocade SAN Switch
Dell Compellent Storage
Dell EqualLogic Storage
EMC Clarion Storage
EMC Isilon Storage
EMC VNX Storage
NetApp DataOnTap
NetApp Filer Storage
Nimble Storage
Nutanix Storage
Threat Intelligence
FortiInsight
Lastline
ThreatConnect
Virtualization
HyperV
HyTrust CloudControl
KVM
Nutanix Prism
VMware ESX
VPN Gateways
Cisco VPN 3000 Gateway
Cyxtera AppGuard
Juniper Networks SSL VPN Gateway
Microsoft PPTP VPN Gateway
Pulse Secure
Vulnerability Scanners
AlertLogic
Digital Defense Frontline Vulnerability Manager
Green League WVSS
McAfee Vulnerability Manager (Formerly McAfee Foundstone Vulnerability Scanner)
Qualys QualysGuard Scanner
Qualys Vulnerability Scanner
Rapid7 NeXpose Vulnerability Scanner (Vulnerability Management On-Premises)
Rapid7 InsightVM (Platform Based Vulnerability Management)
Tenable.io
Tenable Nessus Vulnerability Scanner
Tenable Security Center
YXLink Vulnerability Scanner
WAN Accelerators
Cisco Wide Area Application Server
Riverbed SteelHead WAN Accelerator
Wireless LANs
Aruba Networks Wireless LAN
Cisco Wireless LAN
CradlePoint
FortiAP
FortiWLC
Motorola WiNG WLAN AP
Ruckus Wireless LAN
Ubiquiti
Generic Log API Poller (HTTPS_ADVANCED) Integration
Ingesting JSON Formatted Events Received via HTTP(S) POST
Using Virtual IPs to Access Devices in Clustered Environments
Syslog
Syslog over TLS
SNMP V3 Traps
Webhook Integration
Flow Support
Appendix
CyberArk to FortiSIEM Log Converter XSL
Access Credentials
How to Generate a Public SSL/TLS Certificate and Configure FortiSIEM Collector
