Fortinet FortiGate

Version: Fortinet FortiGate version 6.0 and above.

The Fortinet FortiGate firewall provides protection in various areas, combining key security features such as anti-virus, an intrusion prevention system (IPS), web filtering, anti-spam, and traffic shaping to deliver multi-layered security for the IT environment.

Netsurion Open XDR manages the logs retrieved from the Fortinet FortiGate firewall. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR enhance the detection of suspicious activities such as security violations, user behavior, and traffic anomalies.

The following are the key Data Source Integrations available in Netsurion Open XDR.

Alerts

Type | Name | Description
Security | Fortinet FortiGate – Admin authentication failure | Generated when an admin authentication failure event has been detected.
Security | Fortinet FortiGate – Device reboot activity | Generated when a device reboot or restart event is detected.
Security | Fortinet FortiGate – DLP event detected | Generated when a potential DLP event has been detected.
Security | Fortinet FortiGate – Firewall configuration change detected | Generated when the system detects a change in the firewall configuration.
Security | Fortinet FortiGate – Intrusion or anomaly detected | Generated when a potential anomaly has been detected.
Security | Fortinet FortiGate – Log deleted by user | Generated when a log is deleted by a user.
Security | Fortinet FortiGate – SSL VPN login failure detected | Generated when an SSL VPN login failure event has been detected while accessing the connection.
Security | Fortinet FortiGate – User authentication failure | Generated when a user authentication failure has been detected.
Security | Fortinet FortiGate – Virus detected | Generated when a potentially malicious file is detected.
Compliance | Fortinet FortiGate – User login activities | Generated when a successful login activity is detected.
Operational | Fortinet FortiGate – User added or deleted | Generated when activities such as a new user being added or an existing user being deleted are detected.

Reports

Type | Name | Description
Security | Fortinet FortiGate – SSL VPN user authentication events | Provides detailed information on SSL VPN user authentication events triggered on the FortiGate device.
Security | Fortinet FortiGate – User authentication events | Provides information on authentication-related events triggered on the FortiGate device.
Security | Fortinet FortiGate – Anomaly or IPS attack detected | Captures all anomaly or IPS attack related events triggered on the FortiGate device.
Security | Fortinet FortiGate – Suspicious web content detected | Captures suspicious web-related traffic triggered on the FortiGate device.
Security | Fortinet FortiGate – Suspicious email content detected | Fetches details on traffic related to email communication triggered on the FortiGate device.
Security | Fortinet FortiGate – Data leak detected | Captures DLP events detected on the FortiGate device.
Security | Fortinet FortiGate – Traffic events | Fetches traffic events triggered on the FortiGate device.
Security | Fortinet FortiGate – Application control events | Captures details of intrusion attempts matched against application patterns, as triggered on the FortiGate device.
Security | Fortinet FortiGate – Web application firewall events | Fetches information related to web application firewall events.
Security | Fortinet FortiGate – Virus detected | Captures events categorized as virus or malicious by the FortiGate device.
Compliance | Fortinet FortiGate – Administrator authentication events | Captures administrator authentication events triggered on the respective FortiGate device.
Operational | Fortinet FortiGate – Firewall configuration change | Captures any configuration change related activity triggered on the FortiGate device.

Dashboards

Type | Name | Description
Security | Fortinet FortiGate – Login and authentication success events | Displays login and authentication success events triggered on the respective FortiGate device.
Security | Fortinet FortiGate – Login and authentication failed events | Captures login and authentication failed events triggered on the respective FortiGate devices.
Security | Fortinet FortiGate – Intrusion detection by source IP | Displays intrusion detections by source IP.
Security | Fortinet FortiGate – Login failed by source Geo-location | Captures the geo-location of the source IP addresses that triggered login failed events on the respective FortiGate device.
Security | Fortinet FortiGate – Intrusion detection by log type | Detects intrusions and displays the message of the respective threat type.
Security | Fortinet FortiGate – Intrusion detection by source IP Geo-location | Displays the geo-location of the source IPs from which intrusion attacks have been detected.
Security | Fortinet FortiGate – Login or authentication events by source IP Geo-location | Displays the geo-location of the source IPs from which login or authentication events have been triggered.
Security | Fortinet FortiGate – Traffic by source IP Geo-location | Displays the geo-location of the source IPs from which traffic originated.

Saved Searches

Type | Name | Description
Security | Fortinet FortiGate – Admin login failures | Provides information on admin login failure activities, including the IP address, location, and console type used by the user.
Security | Fortinet FortiGate – Allowed traffic | Provides information on allowed traffic, including the source and destination IP addresses and locations.
Security | Fortinet FortiGate – Application control | Provides information on application control events.
Security | Fortinet FortiGate – Data leak detected | Provides information on DLP events detected by the FortiGate device.
Security | Fortinet FortiGate – Denied traffic | Provides information on denied traffic, including the source and destination IP addresses, locations, and the reason for the violation or denial.
Security | Fortinet FortiGate – IPS attacks detected | Provides information on anomalies or IPS events detected by the FortiGate device.
Security | Fortinet FortiGate – SSL VPN user login failure | Provides information on users who failed to log in through SSL VPN, including the IP address, location, etc.
Security | Fortinet FortiGate – Suspicious email content detected | Provides information on suspicious email content detected in the Email category, including the sender's and receiver's addresses, any attachments in the mail, etc.
Security | Fortinet FortiGate – Suspicious web content detected | Provides information on suspicious web content detected by the FortiGate device.
Security | Fortinet FortiGate – User authentication failures | Provides information on user login failure activities, including the IP address, location, etc.
Security | Fortinet FortiGate – User authentication success | Provides information on users who triggered successful authentication events, including the IP address, location, and console type used by the user.
Security | Fortinet FortiGate – Virus detected | Provides information on events where a suspicious or malicious file was detected by the FortiGate device.
Security | Fortinet FortiGate – VPN user tunnel status | Provides information on events where the FortiGate detects a change in VPN tunnel status for the respective user.
Security | Fortinet FortiGate – Web application firewall activities | Provides information on web application firewall events detected by the FortiGate device.
Compliance | Fortinet FortiGate – Admin login and logout | Provides detailed information on admin login and logout activities, including IP address and console type information.
Operational | Fortinet FortiGate – Configuration changes | Provides information on firewall configuration changes detected on the respective FortiGate device.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Fortinet FortiGate.

Download the Integration Guide for configuration instructions and more information.