FortiAnalyzer
Version: FortiAnalyzer 4.0, 5.0 and later.
FortiAnalyzer logs and analyzes aggregated log data from Fortinet devices and other syslog-compatible devices. Netsurion Open XDR examines this collective of logs and leverage machine learning to identify critical events, suspicious network traffic, configuration changes and user behaviour analytics.
Netsurion Open XDR gathers and examines acquired logs to identify about administrator logon, network file sharing, resources monitored, devices added, changed and modified.
Netsurion Data Source Integration for FortiAnalyzer allows you to monitor the following:-
- Operations – Backup and restore activity, Device management, Resource Monitoring, User management and System management and Network share management.
- Security – IPsec activity.
- Compliance – Administrator logon activity, Administrator logon failed activity and Configuration changes activity.
Once FortiAnalyzer is configured to deliver events to Netsurion Open XDR Manager; Alerts, Dashboards and Reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Operations | FortiAnalyzer – Administrator deleted a device | This alert is generated when administrator deleted the device. |
| Operations | FortiAnalyzer – Removed a disk from RAID array | This alert is generated when administrator removes the disk from the RAID array. |
| Compliance | FortiAnalyzer – User logon failed | This alert is generated when administrator attempt to log in to the web-based manager using GUI or CLI was failed. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | FortiAnalyzer – IPsec activity | This report provides information related to IPsec VPN connections which includes columns such as Local IP, Local Port, Remote IP, Remote Port, Outbound Interface, Action, Initiated, Mode, Direction, and Status. |
| Operations | FortiAnalyzer – Backup and restore activity | This reports provides information related to backup, restore, reboot, upload and which includes columns such as User Name, User Interface, Action, Status and Message details. |
| Operations | FortiAnalyzer – Device management | This report provides information related to device added, deleted, rename, changed, registered and unregistered details which includes columns such as User Name, User Interface, Source IP, Action, Status and Message Details. |
| Operations | FortiAnalyzer – Resource monitoring | This report provides information related to resource usage which includes columns such as Status and Message Details. |
| Operations | FortiAnalyzer – User management | This report provides information related to user profile accessed, deleted, changed which includes columns such as User Name, User Interface, Source IP, Status and Message Details. |
| Operations | FortiAnalyzer – System management | This report provides information related to bootup, downgraded, migration, and delete log, delete archive which includes columns such as User Name, User Interface, Source IP, Action, Status and Message details. |
| Operations | FortiAnalyzer – Network share management | This report provides information related to network area storage and network file sharing which includes columns such as User Name, User Interface, Source IP, Status and Message Details. |
| Compliance | FortiAnalyzer – Administrator logon activity | This report provides information related to user login and logout which includes User Name, User Interface, Source IP, Action, Status and Reason fields. |
| Compliance | FortiAnalyzer – Administrator logon failed | This report provides information related to login failure which includes column such as User Name, User Interface, Source IP, Action, Status and Reason. |
| Compliance | FortiAnalyzer – Configuration changes activity | This report provides information related to change in authentication server which includes columns such as User Name, User Interface, Source IP, Status and Message details. |
Documentation
The configuration details are consistent with Netsurion Open XDR 7.x and later, and FortiAnalyzer.
Download Integration Guide for configuration instructions and more information.