FortiNAC

Version : FortiNAC v8.5 and v8.6.

FortiNAC is a product to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), the user or system authentication and network security enforcement.

Netsurion's Open XDR platform collects the event logs delivered from FortiNAC. Netsurion's Open XDR platform will alert whenever any login failure occurs in FortiNAC devices, it also alerts us when any rogue mac is detected on the network. Netsurion will help you to visualize the FortiNAC data into the dashboard, using those we can correlate data across the environment. Its reports can allow the user to see the important events on a scheduled basis.

Once events are received into Netsurion, Reports, Knowledge Objects, Categories and Dashboards can be configured into Netsurion.

Netsurion monitors all the FortiNAC events from services like Amazon EC2 and Amazon VPC, they are given as below.

  • Security – Admin user (FortiNAC console) Login failed activity, Rogue MAC detected connecting to the endpoint system.
  • Operation – Admin user (FortiNAC console) Login and logout activity, User-Management activity, and network switch interface/port up/ down.

Once FortiNAC is configured to deliver events to Netsurion Manager; alerts, dashboards, and reports can be configured into Netsurion.

Alerts

Type Name Description
Security FortiNAC - Admin user login fails This alert will be triggered when login failure occurs while trying to access FortiNAC admin console.
Security FortiNAC - Rogue MAC detected This event will be triggered when a rogue/ suspicious MAC address is detected by FortiNAC.

Reports

Type Name Description
Security FortiNAC - Rogue MAC detected This report will generate a detailed view on rogue MAC address connecting to an endpoint as detected by FortiNAC.
Security FortiNAC - Admin user login failss This report will generate a detailed view on failed login activities occurring in FortiNAC admin console.
Operations FortiNAC - Admin user login success and logout This report will generate a detailed view on login and logout activities of users in FortiNAC console.
Operations FortiNAC - Host session login and logout This report will generate a detailed view of the “Host” (endpoint systems) login and logout activities.
Operations FortiNAC - Switchport link up-down This report will generate a detailed view of endpoint network switch port/ interface up/ down status.

Documentation:

The configuration details are consistent with Netsurion version 9.X and later, and FortiNAC (v8.5 and v8.6).

Download Integration Guide and How-to Guide for more information and to configuration instruction.

This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our Privacy Statement to learn more.

I Accept