FortiNAC
Version: FortiNAC v8.5 and v8.6.
FortiNAC is a product that unifies endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), user or system authentication, and network security enforcement.
Netsurion Open XDR collects the event logs delivered from FortiNAC. It alerts whenever a login failure occurs on a FortiNAC device, and also when a rogue MAC address is detected on the network. Netsurion Open XDR visualizes the FortiNAC data in dashboards, which can be used to correlate data across the environment. Its reports let the user review important events on a scheduled basis.
Netsurion Open XDR monitors all the FortiNAC events from services like Amazon EC2 and Amazon VPC. They are listed below.
- Security – Admin user (FortiNAC console) login failed activity, rogue MAC detected connecting to the endpoint system.
- Operation – Admin user (FortiNAC console) login and logout activity, user management activity, and network switch interface/port up/down.
Once FortiNAC is configured to deliver events to Netsurion Open XDR Manager, alerts, dashboards, and reports can be configured in Netsurion Open XDR.
The following are the key Data Source Integrations available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | FortiNAC – Admin user login fails | This alert will be triggered when a login failure occurs while trying to access the FortiNAC admin console. |
Security | FortiNAC – Rogue MAC detected | This event will be triggered when a rogue/suspicious MAC address is detected by FortiNAC. |
Reports
Type | Name | Description |
---|---|---|
Security | FortiNAC – Rogue MAC detected | This report will generate a detailed view of a rogue MAC address connecting to an endpoint as detected by FortiNAC. |
Security | FortiNAC – Admin user login fails | This report will generate a detailed view of failed login activities occurring in the FortiNAC admin console. |
Operations | FortiNAC – Admin user login success and logout | This report will generate a detailed view of login and logout activities of users in the FortiNAC console. |
Operations | FortiNAC – Host session login and logout | This report will generate a detailed view of the “Host” (endpoint systems) login and logout activities. |
Operations | FortiNAC – Switchport link up-down | This report will generate a detailed view of endpoint network switch port/interface up/down status. |
Documentation:
The configuration details are consistent with Netsurion Open XDR 9.x and later, and FortiNAC.
Download the Integration Guide and How-to Guide for configuration instructions and more information.