CMDB
FortiSIEM enables you to perform the following CMDB advanced operations.
- Discovering Users
- Creating FortiSIEM Users
- Setting External Authentication
- Setting 2-Factor Authentication
- Assigning FortiSIEM Roles to Users
- Creating Business Services
- Creating Dynamic CMDB Groups
- Setting Device Geo-Location
- Creating CMDB Reports
Discovering Users
Users can be discovered via LDAP or OpenLDAP, or they can be added manually. Discovering users via OpenLDAP or OKTA is similar.
To discover users in Windows Active Directory, discover the Windows Domain Controller:
- Go to Admin > Setup > Credentials.
- Click + to create an LDAP discovery credential by entering the following in the Access Method Definition dialog box:
  - Name for the credential
  - Device Type as "Microsoft Windows Server 2012 R2"
  - Access Protocol as "LDAP"
  - Used For as "Microsoft Active Directory"
  - Enter the Base DN and NetBios Domain
- Test the LDAP Credentials.
- Run discovery.
- Go to CMDB > Users.
- Click the "Refresh" icon on left panel and see the users displayed on the right panel.
To add users manually:
- Go to CMDB > Users.
- Click New and add the user information.
For details about Discovering Users, see here (Refer to the table by searching: Credentials for Microsoft Windows Server)
For details about Adding Users, see here.
Creating FortiSIEM Users
To create users that access FortiSIEM:
- Login as a user with "Full Admin" rights.
- Create the user in CMDB.
- Set a password – after logging in, the user can set a new password.
- Select the user and click Edit.
- Select System Admin and enter the following:
  - Authentication Mode - "Local" or "External"
  - Enterprise case - select the Role
  - Service Provider case - select the Role for each Organization
For details about creating users, see here.
To change the password:
- Login as the user.
- Click the "User Profile" icon on the top-right corner.
- Click Save.
Setting External Authentication
FortiSIEM users can be authenticated in two ways:
- Local authentication – user credentials are stored in FortiSIEM
- External authentication – user credentials are stored in an external database (AAA Server or Active Directory) and FortiSIEM communicates with the external database to authenticate the user
Step 1: Set up an Authentication Profile
- Login as a user with Full Admin rights.
- Create an authentication profile by visiting Admin > Settings > General > External Authentication.
- Click +.
- Provide the following information in the External Authentication Profile dialog box:
  - Enter a Name for the profile
  - Select an Organization from the drop-down list
  - Set Protocol appropriately (for example, LDAP, LDAPS, or LDAPTLS for Active Directory)
  - Enter the IP/Host and Port number
- Make sure the credentials are defined in Admin > Setup > Credentials.
- Select the entry and click Test to ensure it works correctly.
Step 2: Attach the Authentication Profile to the user
- Select the user under CMDB > Users and click Edit.
- Select System Admin and click the edit icon.
- Set Mode to "External" and set the Authentication Profile created.
For details about Setting up Authentication Profiles, see here.
For details about Editing Users, see here.
Setting 2-Factor Authentication
FortiSIEM supports Duo as 2-factor authentication for FortiSIEM users:
Step 1: Set up an Authentication Profile
- Login as a user with Full Admin rights.
- Create an authentication profile by visiting Admin > Settings > General > External Authentication:
- Set Protocol to "Duo"
- Make sure the credentials are defined in Admin > Setup > Credentials
- Select the entry and click Test to make sure it works correctly
Step 2: Attach the Authentication Profile to the user
- Select the user under CMDB > Users and click Edit
- Select System Admin and click the edit icon
- Set Mode to "External" and set the Authentication Profile created
For details about Setting up Authentication Profiles, see here.
For details about Editing Users, see here.
Assigning FortiSIEM Roles to Users
FortiSIEM allows the admin user to create Roles based on what data the user can see and what the user can do with the data. To set up Roles:
Step 1: Create a Role of your choice
- Login as a user with Full Admin rights.
- Go to Admin > Settings > Role > Role Management.
- Make sure there is a Role that suits your needs. If not, then create a new one by clicking + and entering the required information. You can also Clone an existing Role and make the changes.
Step 2: Attach the Role to the user
- Select the user under CMDB > Users and click Edit.
- Select System Admin and click the edit icon.
- Set Default Role:
  - Enterprise case – select the Role
  - Service Provider case – select the Role for each Organization
For details about Setting up Roles, see here.
For details about Editing Users, see here.
Creating Business Services
Business Service is a smart grouping of devices. Once created, incidents are tagged with the impacted Business Service(s) and you can see business service health in a custom Business Service dashboard.
For details about creating a Business Service, see here.
For details about setting up Dynamic Business Service, see here.
For details about viewing Business Service health, see here.
Creating Dynamic CMDB Groups and Business Services
CMDB Groups are a key concept in FortiSIEM. Rules and Reports make extensive use of CMDB Groups. While inbuilt CMDB Groups are auto-populated by Discovery, user-defined ones and Business Services are not. You can use the Dynamic CMDB Group feature to make mass changes to user-defined CMDB Groups and Business Services.
To create Dynamic CMDB Group Assignment Rules:
- Login as a user with Admin tab modification rights.
- Go to Admin > Settings > Discovery > CMDB Groups.
- Click +.
- Enter CMDB Membership Criteria based on Vendor, Model, Host Name and IP Range.
- Select the CMDB group (Groups) or Business Services (Biz Services) to which the Device would belong if the criteria above are met.
- Click Save.
You can now click Apply to immediately move the Devices to the desired CMDB Groups and Business Services. Discovery will also honor those rules – so newly discovered devices would belong to the desired CMDB Groups and Business Services.
For details about Setting up Dynamic CMDB Groups and Business Services, see here.
Setting Device Geo-Location
FortiSIEM has location information for public IP addresses. For private address space, you can define the locations as follows:
- Login as a user with Admin tab modification rights.
- Go to Admin > Settings > Discovery > Location.
- Click +.
- Enter IP/IP Range.
- Specify the Corresponding Location for the IP address Range.
- Select Update Manual Devices if you want already discovered device locations to be updated.
- Click Save.
You can now click Apply to set the geo-locations for all devices matching the IP ranges.
For details about Setting Device Location, see here.
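A pre-check for the private ranges you plan to enter, as an added example that is not FortiSIEM code: it flags entries that are not entirely private address space and entries that overlap, so the same device IP cannot resolve to two locations. The `start-end` range syntax, the sample plan and the function names are assumptions made for this example.

```python
import ipaddress

# Constructed sample plan: (IP or IP range, location). The "start-end" syntax
# is an assumption for this example, not FortiSIEM's documented input format.
PLAN = [
    ("10.1.0.0-10.1.255.255", "Chicago DC"),
    ("10.1.128.0-10.1.128.255", "Chicago Lab"),  # sits inside the entry above
    ("192.168.10.5", "Austin Branch"),
    ("8.8.8.0-8.8.8.255", "Mislabelled"),        # public address space
]

def parse_range(text):
    """Return (first, last) IPv4Address for 'a.b.c.d' or 'a.b.c.d-e.f.g.h'."""
    first, _, last = text.partition("-")
    lo = ipaddress.IPv4Address(first.strip())
    hi = ipaddress.IPv4Address(last.strip()) if last else lo
    if hi < lo:
        raise ValueError(f"range end before start: {text}")
    return lo, hi

def audit(plan):
    """Report entries that are not fully private and entries that overlap."""
    problems, spans = [], []
    for text, location in plan:
        lo, hi = parse_range(text)
        # Break the range into CIDR blocks so the whole span is checked,
        # not just its two end addresses.
        nets = ipaddress.summarize_address_range(lo, hi)
        if not all(n.is_private for n in nets):
            problems.append(f"not private: {text} ({location})")
        spans.append((lo, hi, text))
    spans.sort()
    widest = None  # entry with the highest end address seen so far
    for lo, hi, text in spans:
        if widest and lo <= widest[1]:
            problems.append(f"overlap: {widest[2]} and {text}")
        if widest is None or hi > widest[1]:
            widest = (lo, hi, text)
    return problems

def locate(ip, plan):
    """Return every location whose range contains ip; more than one is ambiguous."""
    addr = ipaddress.IPv4Address(ip)
    hits = []
    for text, location in plan:
        lo, hi = parse_range(text)
        if lo <= addr <= hi:
            hits.append(location)
    return hits
```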
Creating CMDB Reports
If you want to extract data from the FortiSIEM CMDB and produce a report, FortiSIEM can run a CMDB Report, display the values on the screen, and let you export the data to a PDF or CSV file.
For details about Creating CMDB Reports, see here.