Fortinet Document Library

Version: 6.0.0

Parameters

GuardDuty findings give visibility on the following:

  • Severity: High/medium/low (associated with scores)
  • Where the behavior/activity occurred: Region, resource ID, account ID
  • When: Last seen date/time
  • Count
  • Detailed information
    • Affected resource: type/instance ID/image ID/port/resource type/image description/launch time/tags/network interfaces (public IP, private IP, subnet ID, VPC ID, security groups)
    • Action: type/connection direction
    • Actor
    • Additional

For more information about Amazon GuardDuty, see the Amazon GuardDuty official website.

There are five configurable environment variables in the Lambda function:

| Variable name | Type | Description |
|---|---|---|
| MIN_SEVERITY | Integer | The minimum severity to block an IP address. Defaults to 3. Value ranges from 1 to 10 by AWS GuardDuty definition. |
| S3_BUCKET | Text | Name of the S3 bucket that stores the IP block list file. No default value. Must be specified. |
| S3_BLOCKLIST_KEY | Text | Path to the IP block list file, relative to the S3 bucket. No default value. Must be specified. |
| REGION | Text | AWS region in which the Lambda and DynamoDB services run. Must be specified. |
| DDB_TABLE_NAME | Text | Name of the DynamoDB table that stores malicious IP addresses from findings. Must be specified. |
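
The following pre-deployment check is an added example, not Fortinet's Lambda code: it validates the five variables from the table and applies the severity threshold to a finding. It assumes the threshold is inclusive, that the address to block is read from the GuardDuty field `service.action.networkConnectionAction.remoteIpDetails.ipAddressV4`, and that a leading `/` in `S3_BLOCKLIST_KEY` is a mistake; the helper names and all sample values are constructed.

```python
import os

REQUIRED = ("S3_BUCKET", "S3_BLOCKLIST_KEY", "REGION", "DDB_TABLE_NAME")

def load_config(env=None):
    """Validate the five variables; raise ValueError listing every problem found."""
    env = os.environ if env is None else env
    errors, cfg = [], {}
    for name in REQUIRED:
        value = (env.get(name) or "").strip()
        if not value:
            errors.append(f"{name} must be specified")
        cfg[name] = value
    raw = (env.get("MIN_SEVERITY") or "").strip() or "3"  # documented default
    try:
        cfg["MIN_SEVERITY"] = int(raw)
    except ValueError:
        errors.append(f"MIN_SEVERITY must be an integer, got {raw!r}")
    else:
        if not 1 <= cfg["MIN_SEVERITY"] <= 10:
            errors.append("MIN_SEVERITY must be between 1 and 10")
    # Assumption of this example: the key is relative, so a leading '/' is an error.
    if cfg["S3_BLOCKLIST_KEY"].startswith("/"):
        errors.append("S3_BLOCKLIST_KEY is relative to the bucket; drop the leading '/'")
    if errors:
        raise ValueError("; ".join(errors))
    return cfg

def ip_to_block(finding, cfg):
    """Return the remote IPv4 address to block, or None if the finding is skipped."""
    if finding.get("severity", 0) < cfg["MIN_SEVERITY"]:  # inclusive threshold (assumed)
        return None
    action = finding.get("service", {}).get("action", {})
    remote = action.get("networkConnectionAction", {}).get("remoteIpDetails", {})
    return remote.get("ipAddressV4")

# Constructed sample values, not taken from the page.
SAMPLE_ENV = {"S3_BUCKET": "example-bucket", "S3_BLOCKLIST_KEY": "blocklists/ip_blocklist",
              "REGION": "us-east-1", "DDB_TABLE_NAME": "example-guardduty-ips"}
SAMPLE_FINDING = {"severity": 5, "service": {"action": {
    "actionType": "NETWORK_CONNECTION",
    "networkConnectionAction": {"connectionDirection": "INBOUND",
                                "remoteIpDetails": {"ipAddressV4": "198.51.100.7"}}}}}

if __name__ == "__main__":
    cfg = load_config(SAMPLE_ENV)
    print(cfg["MIN_SEVERITY"], ip_to_block(SAMPLE_FINDING, cfg))
```

Setting `MIN_SEVERITY` too low blocks addresses from low-severity findings, so review the threshold against the findings your account actually produces before enabling automatic blocking.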
