
External Systems Configuration Guide

Change Log

Date        Change Description
2018-05-23  Initial version of the guide.
2018-07-24  Revision 2 with a new section under Windows Server Configuration - Configuring Log Monitoring for Non-Administrative User.
2018-08-07  Revision 3 with updated section: Fortinet FortiGate Firewall.
2018-09-12  Revision 4 with updated section: Microsoft Azure Audit.
2018-09-26  Revision 5 with updated section: WatchGuard Firebox Firewall.
2018-11-28  Revision 6 with updated section: Fortinet FortiGate Firewall > Configuring SSH on FortiSIEM to communicate with FortiGate.
2019-01-29  Revision 7: updated section: Cisco FireSIGHT.
2019-03-15  Revision 8: new section: Threat Intelligence.
2019-03-28  Revision 9: updates the guide to reflect the new menu hierarchy in the FortiSIEM tool.
2019-04-24  Revision 10: added Carbon Black Security Platform under End Point Security Software.
2019-07-24  Revision 11: updated integration instructions for Microsoft Office 365 Audit.
2019-10-22  Revision 12: added Clavister Firewall and FortiADC devices. Added Active Directory User Discovery section to Microsoft Active Directory device. Corrections to SQL Server DDL Event Creation Script and SQL Server Database Level Event Creation Script.
2019-11-22  Revision 13: added Zeek (Bro) installation instructions for Security Onion, Cyberoam FortiADC, Epic SecuritySIEM, FortiEDR, FortiNAC, FortiDeceptor, Microsoft Network Policy Server, TrendMicro Deep Discovery. Changed the name of Cisco FireAMP to Cisco AMP Cloud V0. Changed the name of Cisco AMP to Cisco AMP Cloud V1.
2020-01-03  Revision 14: added CradlePoint.
2020-04-15  Revision 15: added Alert Logic Iris API, AWS Kinesis, AWS Security Hub, Cisco Amp, GitLab Cli, Azure Event Hub, Azure Compute, McAfee ePolicy Orchestrator, LastLine, Imperva Securesphere Web App Firewall, Imperva Securesphere DB Security Gateway, Imperva Securesphere DB Monitoring Gateway, Green League WVSS, FortiInsight, Damballa Failsafe, AWS EC2, Cisco Fireamp, Novell Netware, Green League RSAS, Checkpoint SmartCenter, FortiTester, Cisco Viptela, MobileIron, Duo, Indegy Industrial Cybersecurity Suite, Netwrix, Darktrace DCIP, Hirschmann SCADA Firewalls and Switches.
2020-07-22  Revision 16: Edits to Cisco AMP Cloud V0 and Cisco AMP Cloud V1.
2020-10-09  Revision 17: Added Alcide io KAudit, Stormshield Network Security and Tigera Calico.
2020-12-18  Revision 18: Added note to AWS CloudTrail API Configuration.
2021-01-05  Revision 19: Added Mapping Active Directory User Attributes to FortiSIEM User Attributes.
2021-02-03  Revision 20: Updated Malwarebytes to Malwarebytes Endpoint Protection.
2021-03-03  Revision 21: Added NetApp Data ONTAP Supported Version.
2021-03-18  Revision 22: Added Claroty Continuous Threat Detection, Corero Smartwall Threat Defense, Dragos Platform, Malwarebytes Breach Remediation, Oracle Cloud Access Security Broker (CASB), Proofpoint.
2021-04-05  Revision 23: Updated Linux server section.
2021-04-07  Revision 24: Updated AWS Kinesis for 6.2.0.
2021-04-16  Revision 25: Updated Microsoft Office 365 Audit "Create the Office 365 API Credential" steps.
2021-04-23  Revision 26: Added Salesforce Configuration for 6.2.0, 6.1.x, 5.4.0, 5.3.x, 5.2.x releases.
2021-07-06  Revision 27: Added Security Orchestration and FortiGate SNMPv3 setup example.
            Updated: Cisco Firepower Threat Defense, Linux Server Rsyslog and Syslog-NG, AWS Security Hub, EC2 Cloudwatch API, AWS EC2 Discovery, Office365 API integration, Microsoft Azure Compute, Microsoft Windows Defender for Endpoint (Windows Defender ATP), Cisco IOS, Cisco FireSIGHT, Cisco Duo, Cisco FireAmp, Cisco Meraki Access Points, Rapid7 Nexpose, Rapid7 InsightVM, Google Workspace, Carbon Black Syslog setup, FortiManager syslog, FortiWeb syslog, FortiSandbox syslog, FortiAuthenticator syslog, FortiClient syslog, FortiADC syslog, FortiDeceptor syslog, FortiNAC syslog, FortiEDR syslog, FortiSOAR syslog. Environmental Sensors updated to Operational Technology, Syslog over TLS.
            New Device Support: Microsoft Windows Print Service Log, AWS Elasticsearch Load Balancer Log, CyberX OT/IoT Security via Log, Digital Defense Vulnerability Scanner via API, FortiAI via Log, FortiCASB integration via API, HP ILO via SNMP Trap, Palo Alto Cortex XDR via Log, Palo Alto WildFire via Log through Palo Alto Firewall.
            Device Support Extensions: CloudTrail Logs via AWS Kinesis, CyberArk Vault integration via REST API, FortiAnalyzer System Event Logs via Syslog, FortiEDR integration via API, FortiGate, FortiAP and FortiSwitch via FortiGate API, GCC High Tenant for Azure Audit, VPC Flow Logs via AWS Kinesis.
2021-07-22  Revision 28: Updated AWS Kinesis Configuration for Configuring AWS CloudTrail Logs through Kinesis Streams, and Configuring VPC Flow Logs through Kinesis Streams.
2021-07-26  Revision 29: Updated Epilog/snare link for Oracle Database Server, Juniper Steel Belted RADIUS, and Apache Web Server configuration.
2021-07-30  Revision 30: Updated Tenable Nessus Vulnerability Scanner configuration.
2021-08-02  Revision 31: Updated Cisco FireSIGHT Configuration.
2021-08-26  Revision 32: Updated AWS EC2 CloudWatch API, Google Workspace / GSUITE, Zeek Network Security Monitor (Previously Bro). Added Microsoft Advanced Threat Analytics (ATA) On Premise Platform, KVM, FortiProxy, Google Cloud Platform, Mac OS, Otorio RAM2, UserGate UTM Firewall to 6.3.1.
2021-08-30  Revision 33: Updated Microsoft SQL Server for 6.x Guides.
2021-08-31  Revision 34: Added Syslog CEF Format configuration to Check Point FireWall-1 for 6.3.1 Guide.
2021-09-16  Revision 35: Updated Dell Force10 Router and Switch, Dell NSeries Switch, and Dell PowerConnect Switch and Router for 6.3.1, and Microsoft Office 365 Audit for 6.3.x Guides.
2021-09-17  Revision 36: Updated MySQL Server and CyberArk Password Vault for 6.3.x Guides. Added example syslog for Dell Force10 Router and Switch, Dell NSeries Switch, and Dell PowerConnect Switch and Router for 6.3.1 Guides.
2021-09-24  Revision 37: Updated Squid Web Proxy with syslog configuration for versions 4.1.1 and later for 6.1.1-6.3.x Guides.
2021-10-06  Revision 38: Added ArubaOS-CX Switch platform, Barracuda Web Application Firewall, and Cisco Umbrella to 6.3.2 Guide.
2021-10-08  Revision 39: Updated Microsoft Windows Server SNMP Configuration and Removed older Microsoft SQL Scripts in 6.3.x Guides.
2021-10-29  Revision 40: Updated Cisco Firepower Management Center (FMC) - Formerly FireSIGHT and FirePower Threat Defense: Using Cisco eStreamer Client for 6.x Guides.
2021-11-01  Revision 41: Updated Configuring FortiSIEM through FortiOS REST API - Step 2: Create an Administrator Profile for 6.3.x.
2021-11-08  Revision 42: Updated Cisco Umbrella Prefix Configuration Information for 6.3.2.
2021-11-16  Revision 43: Updated FortiSIEM External Ports with sFlow port number and protocol from External Devices to Supervisor/Worker/Collector.
2021-11-30  Revision 44: Updated FortiSIEM External Ports Collector Communication table.
2021-12-06  Revision 45: Updated Enable WinRM and set authentication in Microsoft Windows Server.
2021-12-08  Revision 46: Updated Syslog over TLS section for 6.x.
2022-12-23  Revision 47: Google Cloud Platform configuration updated for 6.3.1 and later.
2022-01-07  Revision 48: SNMP V3 Traps section added.
2022-01-11  Revision 49: Microsoft Windows Server section updated with OMI for 6.3.3 and later.
2022-01-13  Revision 50: CrowdStrike Endpoint Security section updated for 6.2.x and later.
2022-01-18  Revision 51: Dell Force10 S4048T-ON added to Dell Force10 Router and Switch section for 6.4.0. Updated Configuring Box.com Service section for 6.4.0. Added Oracle Cloud Infrastructure for 6.4.0. Cisco Umbrella Prefix Configuration Functionality enhanced for 6.4.0. Windows Server 2022 support added for 6.4.0.
2022-02-04  Revision 52: Added Configuring Windows Agent for Terminal Services for Microsoft Windows Server to 6.4.0 Guide.
2022-02-15  Revision 53: Added Ports for OMI based monitoring and log collection in FortiSIEM External Ports section for 6.3.3 and later.
2022-03-01  Revision 54: Added Flow Support section.
2022-03-02  Revision 55: Updated MySQL Server - Settings for MySQL Server JDBC Access Credentials for Database Auditing - Audit Table field.
2022-03-16  Revision 56: Microsoft Defender for Endpoint Legacy note updated. Also moved from Cloud Applications to End Point Security Software.
2022-03-22  Revision 57: Configuring Tigera Calico to Send Logs link updated.
2022-03-23  Revision 58: Fortinet FortiGate Firewall - REST API added to What is Discovered and Monitored.
2022-03-25  Revision 59: Syslog via Rsyslog added for Apache Web Server and NGINX Web Server. Updated Configuration provided for Microsoft Defender for Endpoint.
2022-03-28  Revision 60: Updated Microsoft Azure Audit Configuration section. Updated NGINX Web Server Syslog via Rsyslog configuration.
2022-03-29  Revision 61: Updated Supported Devices and Applications by Vendor.
2022-04-04  Revision 62: Added Zscaler Cloud Firewall.
2022-04-08  Revision 63: Microsoft Defender for Endpoint content moved so current and legacy information are on the same page.
2022-05-09  Revision 64: Added Nutanix Prism, AWS Simple Queue Service (aws-sqs), Kerberos configuration for Microsoft Windows Servers for OMI Access Credentials, AWS S3 (Simple Storage Service), VMware NSX for vSphere, Cybereason. Modified MySQL Server. Updated SNMP v3 Traps.
2022-05-10  Revision 65: Added Security Information and Event Management (SIEM) category, SAP Enterprise Threat Detection (ETD), and Ingesting JSON Formatted Events Received via HTTP(S) POST.
2022-05-12  Revision 66: FortiSIEM External Ports/Ports Used by FortiSIEM for Discovery and Monitoring renamed to FortiSIEM Port Usage. FortiSIEM Port Usage updated.
2022-05-27  Revision 67: AWS CloudTrail: Understanding AWS CloudTrail Configuration section added.
2022-06-06  Revision 68: Supported Versions information added to Flow Support.
2022-06-08  Revision 69: Updated Setup in FortiSIEM section in Cisco Umbrella Configuration.
2022-06-15  Revision 70: FortiAI product name updated to FortiNDR.
2022-06-27  Revision 71: Note added to FortiSIEM Port Usage.
2022-07-13  Revision 72: Updated Using Cisco eStreamer Client section in Cisco FireSIGHT and FirePower Threat Defense.
2022-07-25  Revision 73: Updated Microsoft Exchange.
2022-07-26  Revision 74: Added: Appendix - Generic Log API Poller (HTTPS Advanced) Integration, Configuring Cisco Umbrella API Endpoints using Generic HTTPS Poller in Cisco Umbrella, and Configuring Microsoft Graph Incident API using Generic HTTPS Poller for 6.6.0.
2022-08-09  Revision 75: Updated Configuring FortiSIEM for Sophos Central for API Access.
2022-08-15  Revision 76: Updated FortiSIEM Port Usage with ClickHouse ports.
2022-08-17  Revision 77: Updated FortiSIEM Port Usage section.
2022-09-07  Revision 78: Updated FortiSIEM Port Usage section.
2022-09-15  Revision 79: Updated Microsoft Windows Server and FortiSIEM Port Usage sections.
2022-09-16  Revision 80: Updated Microsoft Windows Server section.
2022-10-06  Revision 81: Added Workday Enterprise Suite (Workday Report API via Generic HTTPS Poller).
            Note: Requires Content Update 305 for FortiSIEM 6.6.x.
2022-10-10  Revision 82: Updated FortiSIEM Port Usage section.
2022-10-14  Revision 83: Updated Microsoft Windows Server winexe note.
2022-10-31  Revision 84: Updated Citrix Netscaler Application Delivery Controller (ADC) Configuration section.
2022-11-01  Revision 85: Added Bitdefender GravityZone and Kaspersky to End Point Security Software section.
2022-11-08  Revision 86: Updated Amazon Simple Storage Service (AWS S3).
2022-12-01  Revision 87: Updated Microsoft Windows Server Data Collection Comparison - Agentless (WMI/OMI) versus FortiSIEM Windows Agent table.
2022-12-22  Revision 88: Updated Microsoft Azure Event Hub - Configuration in Azure Step 4.
2023-01-03
2023-01-10  Revision 90: Updated Cisco Call Manager - Configure FortiSIEM to Receive CDR Records from Cisco Call Manager.
2023-03-08  Revision 91: Updated Cisco Umbrella section.
2023-03-09  Revision 92: Updated Microsoft Azure Audit - Create IP Range to Credential Association and Test Connectivity in FortiSIEM section.
2023-03-24  Revision 93: Updated Box/Box.com - "Configuring Box.com Service" section.
2023-04-10  Revision 94: Updated Oracle WebLogic section.
2023-05-10  Revision 95: Updated Enable Office 365 Audit Log Search section for Microsoft Office 365 Audit.
2023-05-30  Revision 96: For 6.7.4 and later, added Syslog and added Netflow IPv4 and IPv6 to Flow Support.
2023-05-30  Revision 97: Added FortiClient EMS. Updated FortiGate Firewall.
2023-06-22  Revision 98: Added Windows 11 to OS Supported Versions for Microsoft Windows Server in FortiSIEM 6.5.0 and later.
2023-07-11  Revision 99: Added Configuring JMX on JBoss 7.1 EAP to Red Hat JBoss section for 7.1.0.
2023-07-28  Revision 100: Added Nessus10 to Tenable Nessus Vulnerability Scanner for 7.x.
2023-08-03  Revision 101: Updated Blue Coat Web Proxy section.
2023-08-10  Revision 102: Added Fortinet FortiRecon (FortiRecon API via Generic HTTPS Poller) for 7.1.0.
2023-08-25  Revision 103: Content Update - Added Armis Asset Intelligence Platform, Hillstone Firewall, Ubiquiti Wireless LAN.
2023-09-11  Revision 104: Added G42 Cloud in Cloud Applications.
2023-09-28  Revision 105: Updated Microsoft Windows Server.
2023-10-04  Revision 106: Added Fortinet FortiNDR Cloud.
2023-10-18  Revision 107: Updated Fortinet FortiGate Firewall.
2023-11-03  Revision 108: Added Zscaler Nanolog Streaming Service (NSS).
2023-11-13  Revision 109: Added Trend Vision One for 7.1.1.
2023-12-13  Revision 110: Updated Note in "FortiGate User Device Store Discovery". Added AWS Access Key IAM Permissions and IAM Policies link to Amazon AWS EC2 section.
2024-01-08  Revision 111: Added Network Access Control category. FortiNAC moved to Network Access Control. Added HPE Aruba Networking ClearPass Policy Manager to Network Access Control.
2024-01-10  Revision 112: Microsoft Defender for Endpoint (Previously Microsoft Windows Defender Advanced Threat Protection (ATP)) API endpoints updated (no longer beta). Added Microsoft Entra Identity Protection to Cloud Applications category.
2024-01-16  Revision 113: Default LDAP and LDAPS ports (Global Catalog ports) updated for FortiSIEM LDAP/LDAPS configurations (IBM AIX, HP UX Server, Microsoft Active Directory, Microsoft Windows Server).
2024-02-06  Revision 114: Added SQL Server 2022 support for Microsoft SQL Server. Added 7928 port entry for Supervisor Communication and Worker Communication in FortiSIEM Port Usage.
2024-02-26  Revision 115: Changed "JDBC for Database Auditing - Oracle Database Server" to "JDBC for Database Auditing Via Unified Audit Trail" and updated configuration for Oracle Database Server.
2024-03-04  Revision 116: Added "Create Access Token" to Configuring GitHub Server section for GitHub.
2024-03-06  Revision 117: Moved "Generic Log API Poller (HTTPS Advanced) Integration" and "Ingesting JSON Formatted Events Received via HTTP(S) POST" out from Appendix.
2024-03-21  Revision 118: Added the following FortiRecon API support information to FortiRecon section: /aci/<org_id>/leaked_creds - Displays any detected leaked credentials for your organization.
2024-03-26  Revision 119: Updated CLI command in "Configuring FortiGate to send Syslog to FortiSIEM" for FortiGate.
2024-03-27  Revision 120: Added "Collecting Microsoft Exchange Message Track Logs" in Microsoft Exchange.
2024-04-01  Revision 121: Added Akamai Connected Cloud.
2024-04-02  Revision 122: Updated FortiSIEM Port Usage Supervisor Communication, Worker Communication gRPC ports.
2024-04-11  Revision 123: Updated Microsoft Windows Server 2012 R2 WinRM configuration.
2024-04-16  Revision 124: Added "Required API Permissions for Trend Vision One Integration" for Trend Vision One.
2024-04-17  Revision 125: Added "Syslog via Rsyslog Forwarding" under Syslog Integration to GitLab API.
2024-04-23  Revision 126: Updated Performance Monitoring for Windows Agent in Microsoft Windows Server Performance Feature table. Updated FortiSIEM Port Usage table.
2024-04-29  Revision 127: Recommendation updated for Microsoft Windows Server under What is Discovered and Monitored. Protocol updated for Tanium Connect.
2024-06-05  Revision 128: Webhook Integration, Atlassian Beacon, GitLab, Mimecast Cloud Gateway, FortiPAM added. GitHub updated with Webhook configuration. How to Set Up a FortiSIEM Collector with a Public SSL/TLS Certificate added to Appendix.
2024-07-18  Revision 129: Added SolarWinds Orion.
2024-08-21  Revision 130: Updated QNAP Turbo NAS.
2024-09-13  Revision 131: Updated Fortinet FortiRecon.
              • FortiRecon_Generic_Poller_Templates.zip.
              • Manual Method (Defining the API Components) - Leaked Cards Walkthrough table.
              • 2 APIs added. One API updated.
2024-09-26  Revision 132: Carbon Black Security Platform Configuration updated.
2024-10-02  Revision 133: Updated Microsoft Office 365 Audit - Configuring Office 365 Auditing Step 2 and Step 3.
2024-10-23  Revision 134: Added Microsoft Windows Server via Agent. Updated configuration for Apache Web Server, Juniper Networks Steel-Belted RADIUS, and Oracle Database Server.
2024-11-01  Revision 135: Updated FortiGate section.