FortiManager
Version: FortiManager version 6.2.0 and later
The FortiManager appliance allows you to centrally manage many Fortinet devices, from a few to thousands, including FortiGate, FortiWiFi, FortiCarrier, FortiMail, and FortiAnalyzer appliances and virtual appliances, as well as FortiClient endpoint security agents.
Netsurion Open XDR integrates with FortiManager and enables users to view critical information related to activities performed in FortiManager or other Fortinet devices. This information is presented in the form of reports, alerts, and graphical representations (dashboards).
Flex reports contain a detailed overview of activities such as managed-device login/logout, failed logins, deployment manager events, events associated with high availability for Forti devices, etc.
Alerts are raised as soon as FortiManager triggers a critical event, such as a failed login or an unexpected reboot or shutdown of the system or a managed device.
The Netsurion Open XDR dashboard shows everything from a visual overview of the top activities performed in FortiManager to failed unauthorized user access attempts.
Netsurion Open XDR monitors all FortiManager events from services such as system manager, FortiGuard service events, managed device operations, etc. They are grouped as follows.
- Security – User login fail (Web service), User login fail (SSH auth), etc.
- Compliance – Device configuration operations, FortiGate-FortiManager protocol operations, etc.
- Operation – System login events, System manager events, High Availability status changes.
Once FortiManager is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards, and reports can be configured in Netsurion Open XDR.
The following are the key Data Source Integrations available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | FortiManager – unexpected system rebooted triggered | This alert is triggered when an unexpected/unplanned system reboot occurs in FortiManager. |
Security | FortiManager – unexpected device rebooted triggered | This alert is triggered when an unexpected/unplanned system reboot occurs in any Forti device. |
Security | FortiManager – unexpected device shutdown triggered | This alert is triggered when an unexpected/unplanned system shutdown occurs in any Forti device. |
Security | FortiManager – unexpected system shutdown triggered | This alert is triggered when an unexpected/unplanned system shutdown occurs in FortiManager. |
Security | FortiManager – User login fail (SSH auth) detected | This alert is triggered when an SSH authentication failure is detected by FortiManager. |
Security | FortiManager – User login fail (Web service) detected | This alert is triggered when a user fails to provide valid authorization via the web-based user interface. |
Operations | FortiManager – Log daemon fluctuation detected | This alert is triggered when the FortiManager log daemon fluctuates frequently, i.e., a series of log daemon up/down events occurs. |
Reports
Type | Name | Description |
---|---|---|
Security | FortiManager – web service (Login Error) | This report includes a summary of failed user logins via the web-based user interface. |
Operations | FortiManager – High availability events | High availability events are events concerning a peer/backup device of the primary FortiManager appliance. This report displays the peer devices' up/down status (if any). |
Operations | FortiManager – System manager events | System management includes events associated with the devices/system present in the network or associated with FortiManager. |
Operations | FortiManager – Managed device operations | Managed device operations include events such as unexpected/unplanned reboots and shutdowns of Forti devices. |
Operations | FortiManager – Deployment manager operations | This report provides information about the process of deployment. It shows information about the failure or success status of the deployment. |
Operations | FortiManager – Device Manager operations | This report includes events related to FortiManager device activities. |
Operations | FortiManager – Log daemon UP/ Down events | This report includes a summary of the logging daemon's up/down status and the reason. |
Compliance | FortiManager – FGFM protocol operations | This report includes events related to FortiGate-FortiManager protocol operations. |
Compliance | FortiManager – Device configuration changes | Device configuration operations include events where a new configuration is added or updated on existing objects. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.x and later, and FortiManager.
Download the Integration Guide and How-to Guide for configuration instructions and more information.