Fortinet Document Library

Version: 6.0.0

Parameters

GuardDuty findings give visibility on the following:

  • Severity: High/medium/low (associated with scores)
  • Where the behavior/activity occurred: region, resource ID, account ID
  • When: last seen date/time
  • Count
  • Detailed information
    • Affected resource: type/instance ID/image ID/port/resource type/image description/launch time/tags/network interfaces (public IP, private IP, subnet ID, VPC ID, security groups)
    • Action: type/connection direction
    • Actor
    • Additional

For more information, see the Amazon GuardDuty official website.

There are five configurable environment variables in the Lambda function:

| Variable name | Type | Description |
|---|---|---|
| MIN_SEVERITY | Integer | The minimum severity to block an IP address. Defaults to 3. Value ranges from 1 to 10 by AWS GuardDuty definition. |
| S3_BUCKET | Text | S3 bucket name to store the IP block list file. This variable has no default value. You must specify a value. |
| S3_BLOCKLIST_KEY | Text | Path to the IP block list file, relative to the S3 bucket. This variable has no default value. You must specify a value. |
| REGION | Text | AWS region to run Lambda and DynamoDB services. You must specify a value. |
| DDB_TABLE_NAME | Text | DynamoDB table name which stores malicious IP addresses from findings. You must specify a value. |
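The following is an added example, not Fortinet's Lambda code: a Python sketch that validates the five variables as documented above and applies MIN_SEVERITY to a GuardDuty finding. The function names, the sample values, and the choice to read the address from the finding's networkConnectionAction.remoteIpDetails.ipAddressV4 field are assumptions of this example.

```python
import ipaddress

REQUIRED = ("S3_BUCKET", "S3_BLOCKLIST_KEY", "REGION", "DDB_TABLE_NAME")


def load_config(env):
    """Validate the five variables; `env` is a mapping such as os.environ."""
    missing = [name for name in REQUIRED if not env.get(name, "").strip()]
    if missing:
        raise ValueError("no default, must be set: " + ", ".join(missing))
    raw = env.get("MIN_SEVERITY", "3")  # documented default is 3
    try:
        min_severity = int(raw)
    except ValueError:
        raise ValueError(f"MIN_SEVERITY must be an integer, got {raw!r}") from None
    if not 1 <= min_severity <= 10:
        raise ValueError("MIN_SEVERITY must be between 1 and 10")
    config = {name: env[name].strip() for name in REQUIRED}
    config["MIN_SEVERITY"] = min_severity
    return config


def ip_to_block(finding, config):
    """Return the remote IP to add to the block list, or None to skip."""
    if float(finding.get("severity", 0)) < config["MIN_SEVERITY"]:
        return None  # below the configured threshold
    action = finding.get("service", {}).get("action", {})
    remote = action.get("networkConnectionAction", {}).get("remoteIpDetails", {})
    try:
        return str(ipaddress.ip_address(remote.get("ipAddressV4", "")))
    except ValueError:
        return None  # finding carries no usable remote address


# Constructed sample values, not real resources or indicators.
SAMPLE_ENV = {
    "S3_BUCKET": "example-blocklist-bucket",
    "S3_BLOCKLIST_KEY": "fortigate/ip_blocklist",
    "REGION": "us-east-1",
    "DDB_TABLE_NAME": "example-guardduty-ips",
}
SAMPLE_FINDING = {
    "severity": 5,
    "service": {"action": {"networkConnectionAction": {
        "connectionDirection": "INBOUND",
        "remoteIpDetails": {"ipAddressV4": "198.51.100.7"}}}},
}

if __name__ == "__main__":
    cfg = load_config(SAMPLE_ENV)
    print(cfg["MIN_SEVERITY"], ip_to_block(SAMPLE_FINDING, cfg))
```

Failing at load time when a required variable is missing or MIN_SEVERITY is out of range keeps a misconfigured function from silently writing nothing to the block list.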
