
User Guide

ConnectWise Integration

Adding a Client ID for ConnectWise Integration

ConnectWise has recently changed their policy and requires that vendors create a client ID in order to integrate with FortiSIEM. Due to this change and restriction from ConnectWise, Fortinet has published a public client ID in order to allow clients to integrate with ConnectWise. This Client ID is 1a7ed749-47a1-4d3e-94b0-696288a1140f.

Note: A ConnectWise working account is required before integration can occur.

To add this client ID for ConnectWise, take the following steps.

  1. Go to Admin > Settings > General > External Integration.
  2. Click + to create a new Integration Policy or select an existing Integration Policy and click the Edit icon to edit it.
  3. From the Vendor drop-down list, select ConnectWise.
  4. In the Client ID field, paste the following Client ID:
    1a7ed749-47a1-4d3e-94b0-696288a1140f
  5. Make any necessary configuration changes.
  6. Click Save.

Configuring ConnectWise for FortiSIEM Integration

  1. Log in to ConnectWise MANAGE.
  2. Go to Setup Tables > Integrator Login List.
  3. Create a new Integrator Login for FortiSIEM:
    1. Enter Username.
    2. Enter Password.
    3. Set Access Level to Records created by integrator.
    4. Enable Service Ticket API for Incident Integration.
    5. Enable Configure API for CMDB Integration.
  4. For Service Provider Configurations, create Companies by creating:
    1. Company Name
    2. Company ID

ConnectWise Incident Outbound Integration

Step 1: Create an Integration

  1. Log into your Supervisor node with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Click +.
  4. For Type, select Incident.
  5. For Direction, select Outbound.
  6. For Vendor, select the vendor of the system you want to connect to. ConnectWise is supported out of the box.
    When you select the Vendor:
    1. An Instance is created - this is the unique name for this policy. For example, if you had two ConnectWise installations, each would have different Instance names.
    2. Choose whether the Plugin Type is SOAP or REST.
      Note: The SOAP method is deprecated, so you should select REST.
    3. A default Plugin Name is populated - this is the Java code that implements the integration including connecting to the external help desk systems and synching the CMDB elements. The plugin is automatically populated for ConnectWise. For other vendors, you must create your own plugin and enter the plugin name here.
  7. For Host/URL, enter the host name or URL of the external system. For ConnectWise, enter the login URL of the ConnectWise instance. Make sure to include the https:// prefix.
    Example: https://my.login.test
  8. For Company, enter the company name that you use when logging in to ConnectWise Manage. Do not use the company name from within ConnectWise.
  9. If you chose SOAP as Plugin Type, enter a User Name, Password, and Client ID that the system can use to authenticate with the external system. For ConnectWise, select the credentials created in Configuring ConnectWise for FortiSIEM Integration, Step 3. If you chose REST, enter the Public Key and the Private Key and Client ID.
    Note: The Client ID is 1a7ed749-47a1-4d3e-94b0-696288a1140f. See Adding a Client ID for ConnectWise Integration for more information.
    To get your Public Key and Private Key from ConnectWise, log in and take the following steps.
    1. In the upper right part of the window, click your account name to open a drop-down list, and select My Account.
    2. Click the API Keys tab, and create your private and public keys, keeping a record of what they are so you can enter them in the FortiSIEM configuration in the Private Key and Public Key fields.
  10. For Incidents Comments Template, specify the formatting using the incident fields.
  11. For Organization Mapping, click Edit to create mappings between the organizations in your FortiSIEM deployment and the names of the organization in the external system. In ConnectWise, locate and use the Company ID field under Company Details in ConnectWise for the FortiSIEM Organization Mapping, NOT the company name.

  12. For Run For, choose the organizations for whom tickets will be created.
  13. Enter the Max Incidents to be recorded.
    Note: The default number for Max Incidents is 50. When running this the first time with the default number, you may encounter a 502 proxy error due to the initial volume of incidents being requested. In this situation, you can change the Max Incidents value to 5 or 10 initially, then change it after running the ConnectWise integration once.
  14. Click Save.

Step 2: Link Integration to an Automation Policy

You need to link the integration to an automation policy, so that the integration runs when the automation policy triggers.

Take the following steps.

  1. Go to Admin > Settings > General > Automation Policy.
  2. Click + to create a new policy or click the Edit icon to edit an existing policy.
  3. In the Automation Policy dialog box, select Action > Invoke an Integration Policy, then select the edit icon.
  4. Choose a specific integration from the drop-down list.
  5. Click Save.

ConnectWise Incident Inbound Integration

This updates the FortiSIEM incident state and clears the incident when the incident is cleared in the external help desk system. Built-in integrations are available for ConnectWise.

The steps are:

  1. Create an Incident Inbound integration schedule.
  2. Create a schedule for automatically running the Incident Inbound integration.
  3. This will update the FortiSIEM incident inbound integration schedule and clear the incident when the incident is cleared in the external help desk system.

Step 1: Create an Incident Inbound integration

  1. Log into your Supervisor node with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Click +.
  4. For Type, select Incident.
  5. For Direction, select Inbound.
  6. For Vendor, select the vendor of the system you want to connect to. ConnectWise is supported out of the box.
    When you select the Vendor:
    1. An Instance is created - this is the unique name for this policy. For example, if you had two ConnectWise installations, each would have different Instance names.
    2. Choose whether the Plugin Type is SOAP or REST.
    3. A default Plugin Name is populated. This is the Java code that implements the integration including connecting to the external help desk systems and synching the CMDB elements. The plugin is automatically populated for ConnectWise. For other vendors, you must create your own plugin and enter the plugin name here.
  7. For Host/URL, enter the host name or URL of the external system (see section Configuring external helpdesk systems). For ConnectWise, select the login URL.
  8. If you chose SOAP as Plugin Type, enter a User Name, Password, and Client ID that the system can use to authenticate with the external system. For ConnectWise, select the credentials created in Configuring ConnectWise for FortiSIEM Integration, Step 3. If you chose REST, enter the Public Key, the Private Key, and Client ID.
  9. For Time Window, select the number of hours for which incident states will be synched. For example, if the time window is set to 10 hours, the states of incidents that occurred in the last 10 hours will be synched.
  10. Click Save.

Step 2: Create an Incident Inbound integration schedule

This will update the following FortiSIEM incident fields when the ticket state is updated in the external ticketing system.

  • External Ticket State
  • Ticket State
  • External Cleared Time
  • External Resolve Time

Note: FortiSIEM does not support custom mapping, only "new" and "closed", and the incident resolution is not updated.

Follow these steps.

  1. Log into your FortiSIEM Supervisor with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Click the Schedule icon and then click +.
    1. Select the integration policy.
    2. Select a schedule.

ConnectWise CMDB Outbound Integration

CMDB Outbound Integration populates an external CMDB from FortiSIEM’s own CMDB. Built-in integrations are available for ServiceNow, ConnectWise and Salesforce.

Step 1: Create a CMDB Outbound Integration

  1. Log into your Supervisor node with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Click +.
  4. For Type, select Device.
  5. For Direction, select Outbound.
  6. For Vendor, select the vendor of the system you want to connect to. ConnectWise is supported out of the box.
    When you select the Vendor:
    1. An Instance is created - this is the unique name for this policy. For example, if you had two ConnectWise installations, each would have different Instance names.
    2. Choose whether the Plugin Type is SOAP or REST.
    3. A default Plugin Name is populated - this is the Java code that implements the integration including connecting to the external help desk systems and synching the CMDB elements. The plugin is automatically populated for ConnectWise. For other vendors, you have to create your own plugin and type in the plugin name here.
  7. For Host/URL, enter the host name or URL of the external system. For ConnectWise, select the login URL.
  8. If you chose SOAP as Plugin Type, enter a User Name, Password, and Client ID that the system can use to authenticate with the external system. For ConnectWise, select the credentials created in Configuring ConnectWise for FortiSIEM Integration, Step 3. If you chose REST, enter the Public Key and the Private Key in addition to the User Name, Password, and Client ID.
  9. For Organization Mapping, click Edit to create mappings between the organizations in your FortiSIEM deployment and the names of the organization in the external system. For ConnectWise, select the Company name in Configuring ConnectWise for FortiSIEM Integration, Step 4.
  10. For Run For, choose the organizations for whom tickets will be created.
  11. For ConnectWise, it is possible to define a Content Mapping.
    1. Enter Column Mapping values:
      1. To add a new mapping, click the + button.
      2. Choose FortiSIEM CMDB attribute as the Source Column.
      3. Enter external (ConnectWise) attribute as the Destination Column.
      4. Specify Default Mapped Value as the value assigned to the Destination Column if the Source Column is not found in Data Mapping definitions.
      5. Select Put to a Question if the Destination Column is a custom column in ConnectWise.
    2. Enter Data Mapping values:
      1. Choose the (Destination) Column Name.
      2. Enter From as the value in FortiSIEM.
      3. Enter To as the value in ConnectWise.
  12. For Groups, select the FortiSIEM CMDB Groups whose member devices would be synched to external CMDB.
  13. Select Run after Discovery if you want this export to take place after you have run discovery in your system. This is the only way to push automatic changes from FortiSIEM to the external system.
  14. Enter the Max Devices: the number of devices to send to the external system.
  15. Click Save.
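
The Content Mapping in step 11 can be previewed offline before any device is pushed to ConnectWise. The following is an added example, not Fortinet's plugin code: it models the Column Mapping, Data Mapping, Default Mapped Value and Put to a Question behaviour as described above. The attribute names and sample devices are constructed, and passing the source value through unchanged when no mapping or default applies is an assumption.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ColumnMapping:
    source: str                     # FortiSIEM CMDB attribute (Source Column)
    destination: str                # ConnectWise attribute (Destination Column)
    default: Optional[str] = None   # Default Mapped Value
    put_to_question: bool = False   # destination is a custom ConnectWise column


@dataclass
class ContentMapping:
    columns: list
    # Data Mapping: destination column -> {From (FortiSIEM): To (ConnectWise)}
    data: dict = field(default_factory=dict)

    def apply(self, device: dict) -> dict:
        """Return the record this mapping would produce for one device."""
        out = {"fields": {}, "questions": {}}
        for col in self.columns:
            raw = device.get(col.source)
            table = self.data.get(col.destination, {})
            if raw in table:
                value = table[raw]          # explicit From -> To translation
            elif col.default is not None:
                value = col.default         # not found in Data Mapping
            else:
                value = raw                 # assumption: pass through as-is
            if value is None:
                continue                    # nothing to send for this column
            bucket = "questions" if col.put_to_question else "fields"
            out[bucket][col.destination] = value
        return out


# Constructed mapping; attribute names are hypothetical.
MAPPING = ContentMapping(
    columns=[
        ColumnMapping("name", "name"),
        ColumnMapping("deviceType", "type", default="Other"),
        ColumnMapping("importance", "Criticality", default="Unrated",
                      put_to_question=True),
    ],
    data={
        "type": {"Windows Server": "Managed Server", "FortiGate": "Firewall"},
        "Criticality": {"Mission Critical": "Tier 1", "Important": "Tier 2"},
    },
)

# Constructed sample devices.
DEVICES = [
    {"name": "fw-edge-01", "deviceType": "FortiGate",
     "importance": "Mission Critical"},
    {"name": "lab-printer", "deviceType": "Printer"},
]


def export_preview(devices=DEVICES, mapping=MAPPING):
    """Map every device so defaults and unmapped values can be reviewed."""
    return [mapping.apply(d) for d in devices]


if __name__ == "__main__":
    for record in export_preview():
        print(record)
```

The second device shows why the preview matters: an unmapped device type and a missing importance value both fall through to the defaults, which is easy to miss once the records are in the external CMDB.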

Step 2: Create a CMDB Outbound Integration Schedule

Updating external CMDB automatically after FortiSIEM discovery:

  1. Create an integration policy.
  2. Make sure Run after Discovery is checked.
  3. Click Save.

Updating external CMDB on a schedule:

  1. Log into your FortiSIEM Supervisor with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Click the Schedule icon and then click +.
    1. Select the integration policies.
    2. Select a schedule.

Updating external CMDB on-demand (one-time):

  1. Log into your FortiSIEM Supervisor with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Select a specific integration policy and click Run.
