User Guide

Salesforce Integration

Configuring Salesforce for FortiSIEM Integration

  1. Log in to Salesforce.
  2. Create a custom domain.
  3. For Service Provider Configurations, create Service App > Accounts.
    FortiSIEM will use the Account Name.

Salesforce Incident Outbound Integration

Step 1: Create an Integration

  1. Log into your Supervisor node with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Click +.
  4. For Type, select Incident.
  5. For Direction, select Outbound.
  6. For Vendor, select the vendor of the system you want to connect to. Salesforce is supported out of the box.
    When you select the Vendor:
    1. An Instance is created - this is the unique name for this policy. For example, if you had two Salesforce installations, each would have different Instance names.
    2. A default Plugin Name is populated - this is the Java code that implements the integration including connecting to the external help desk systems and synching the CMDB elements. The plugin is automatically populated for Salesforce. For other vendors, you must create your own plugin and enter the plugin name here.
  7. For Host/URL, enter the host name or URL of the external system. For Salesforce:
    1. Log in to Salesforce.
    2. Go to Setup > Settings.
    3. Use the Custom URL under My Domain; typically it is xyz.my.salesforce.com.
  8. For User Name and Password, enter a user name and password that the system can use to authenticate with the external system.
    1. For Salesforce, enter the login credentials.
  9. For Security Token, enter the security token from Salesforce. If you do not have your security token, you can get it by taking the following steps:
    1. Log in to Salesforce.
    2. At <your name>, click the drop-down list and navigate to Setup > Personal Setup > My Personal Information.
    3. Click Reset My Security Token to get Salesforce to email your security token.
  10. For Incidents Comments Template, specify the formatting of the incident fields.
  11. For Organization Mapping, click the Edit icon to take you to the Integration Policy > Org Mapping window. Here, you can create mappings between the organizations in your FortiSIEM deployment and the names of the organization in the external system. For Salesforce, to get your account name, take the following steps in Salesforce:
    1. Go to Service App > Accounts.
    2. Use Account Name.
    3. In FortiSIEM, at the Integration Policy > Org Mapping window, enter the Account Name in the Default field.
      Note: You can choose to provide an organization name from FortiSIEM in the Default field.
  12. For Run For, choose the organizations for whom tickets will be created.
  13. In the Max Incidents field, enter the maximum number of incidents you want recorded.
  14. Click Save.
  15. Click Run to confirm the integration. If you receive an "...unable to find valid certification path to requested target" error, you need to upload a certificate to FortiSIEM.
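
The error in step 15 is Java's report that the trust store holds no issuer for the certificate the remote host presented. The sketch below is an added example, not part of the Fortinet guide or FortiSIEM itself: it reproduces that condition offline with openssl and shows which issuer has to be trusted. The throwaway CAs, file names and helper functions are all constructed for the demo, and the FortiSIEM upload procedure itself is not shown.

```shell
# Added example: reproduce the trust failure offline with a throwaway PKI.
# Every file name and subject below is constructed for the demo.

# make_demo_pki DIR: a private CA, an unrelated CA, and a server
# certificate for a sample host name signed by the private CA.
make_demo_pki() {
  d=$1
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/demo.cnf"
  for ca in private other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/demo.cnf" \
      -subj "/CN=Demo $ca CA" -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
  done
  openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
    -subj "/CN=xyz.my.salesforce.com" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/private.pem" -CAkey "$d/private.key" \
    -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

# chain_trusted CERT TRUST_PEM: can a path be built from CERT to an anchor in TRUST_PEM?
chain_trusted() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

# issuer_cn CERT: common name of the CA that has to be in the trust store.
issuer_cn() {
  openssl x509 -in "$1" -noout -issuer -nameopt multiline | sed -n 's/^ *commonName *= *//p'
}

demo() {
  tmp=$(mktemp -d) || return 1
  make_demo_pki "$tmp" || return 1
  echo "issuer needed:    $(issuer_cn "$tmp/srv.pem")"
  echo "store without it: $(chain_trusted "$tmp/srv.pem" "$tmp/other.pem")"
  echo "store with it:    $(chain_trusted "$tmp/srv.pem" "$tmp/private.pem")"
  rm -rf "$tmp"
}
demo
```

Against a real deployment, the same two checks apply to the certificate chain the Host/URL endpoint actually presents, for example when a TLS-inspecting proxy re-signs traffic with a private CA.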

Step 2: Link Integration to an Automation Policy

You need to link the integration to an automation policy, so that the integration runs when the automation policy triggers.

Take the following steps.

  1. Go to Admin > Settings > General > Automation Policy.
  2. Click + to create a new policy or click the Edit icon to edit an existing policy.
  3. In the Automation Policy dialog box, select Action > Invoke an Integration Policy, then select the edit icon.
  4. Choose a specific integration from the drop-down list.
  5. Click Save.

Salesforce Incident Inbound Integration

This updates the FortiSIEM incident state and clears the incident when the incident is cleared in the external help desk system. Built-in integrations are available for Salesforce.

The steps are:

  1. Create an Incident Inbound integration schedule.
  2. Create a schedule for automatically running the Incident Inbound integration.
  3. This will update the FortiSIEM incident inbound integration schedule and clear the incident when the incident is cleared in the external help desk system.

Step 1: Create an Incident Inbound integration

  1. Log into your Supervisor node with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Click +.
  4. For Type, select Incident.
  5. For Direction, select Inbound.
  6. For Vendor, select the vendor of the system you want to connect to. Salesforce is supported out of the box.
    When you select the Vendor:
    1. An Instance is created - this is the unique name for this policy. For example, if you had two Salesforce installations, each would have different Instance names.
    2. A default Plugin Name is populated. This is the Java code that implements the integration including connecting to the external help desk systems and synching the CMDB elements. The plugin is automatically populated for Salesforce. For other vendors, you must create your own plugin and enter the plugin name here.
  7. For Host/URL, enter the host name or URL of the external system. For Salesforce:
    1. Log in to Salesforce.
    2. Go to Setup > Settings.
    3. Use the custom URL under My Domain – typically it is xyz.my.salesforce.com.
  8. For User Name and Password, enter a user name and password that the system can use to authenticate with the external system. For Salesforce, select the login credentials.
  9. For Time Window, select the number of hours for which incident states will be synched. For example, if the time window is set to 10 hours, the states of incidents that occurred in the last 10 hours will be synched.
  10. Click Save.

Step 2: Create an Incident Inbound integration schedule

This will update the following FortiSIEM incident fields when the ticket state is updated in the external ticketing system:

  • External Ticket State
  • Ticket State
  • External Cleared Time
  • External Resolve Time

Follow these steps.

  1. Log into your FortiSIEM Supervisor with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Click the Schedule icon and then click +.
    1. Select the integration policy.
    2. Select a schedule.

Salesforce CMDB Outbound Integration

CMDB Outbound Integration populates an external CMDB from FortiSIEM’s own CMDB. Built-in integrations are available for Salesforce.

Step 1: Create a CMDB Outbound Integration

  1. Log into your Supervisor node with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Click +.
  4. For Type, select Device.
  5. For Direction, select Outbound.
  6. For Vendor, select the vendor of the system you want to connect to. Salesforce is supported out of the box.
    When you select the Vendor:
    1. An Instance is created - this is the unique name for this policy. For example, if you had 2 Salesforce installations, each would have different Instance names.
    2. A default Plugin Name is populated - this is the Java code that implements the integration including connecting to the external help desk systems and synching the CMDB elements. The plugin is automatically populated for Salesforce. For other vendors, you must create your own plugin and enter the plugin name here.
  7. For Host/URL, enter the host name or URL of the external system. For Salesforce:
    1. Log in to Salesforce.
    2. Go to Setup > Settings.
    3. Use the Custom URL under My Domain; typically it is xyz.my.salesforce.com.
  8. For User Name and Password, enter a user name and password that the system can use to authenticate with the external system. For Salesforce, select the login credentials.
  9. Enter the Maximum number of devices to send to the external system.
  10. For Organization Mapping, click Edit to create mappings between the organizations in your FortiSIEM deployment and the names of the organization in the external system. For Salesforce:
    1. Go to Service App > Accounts.
    2. Use Account Name.
  11. For Run For, choose the organizations for whom tickets will be created.
  12. For Groups, select the FortiSIEM CMDB Groups whose member devices will be synched to the external CMDB.
  13. Select Run after Discovery if you want this export to take place after you have run discovery in your system. This is the only way to push automatic changes from FortiSIEM to the external system.
  14. Click Save.

Step 2: Create a CMDB Outbound Integration Schedule

Updating external CMDB automatically after FortiSIEM discovery:

  1. Create an integration policy.
  2. Make sure Run after Discovery is checked.
  3. Click Save.

Updating external CMDB on a schedule:

  1. Log into your FortiSIEM Supervisor with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Click the Schedule icon and then click +.
    1. Select the integration policies.
    2. Select a schedule.

Updating external CMDB on-demand (one-time):

  1. Log into your FortiSIEM Supervisor with administrator credentials.
  2. Go to Admin > Settings > General > External Integration.
  3. Select a specific integration policy and click Run.
