Fortinet FortiGate
Version: Fortinet FortiGate version 6.0 and above.
The Fortinet FortiGate firewall combines firewalling with other key security features such as anti-virus, intrusion prevention system (IPS), web filtering, anti-spam and traffic shaping to deliver multi-layered security for the IT environment.
Netsurion Open XDR manages logs retrieved from the Fortinet FortiGate firewall. The alerts, reports, dashboards, and saved searches in Netsurion Open XDR help detect suspicious activities such as security violations, anomalous user behavior, and traffic anomalies.
The following are the key Data Source Integrations available in Netsurion Open XDR.
Alerts
Type | Name | Description |
---|---|---|
Security | Fortinet FortiGate – Admin authentication failure | Generated when an admin authentication failure event has been detected. |
Security | Fortinet FortiGate – Device reboot activity | Generated when a device reboot or restart event is detected. |
Security | Fortinet FortiGate – DLP event detected | Generated when a potential DLP event has been detected. |
Security | Fortinet FortiGate – Firewall configuration change detected | Generated when the system detects a change in the firewall configuration. |
Security | Fortinet FortiGate – Intrusion or anomaly detected | Generated when a potential anomaly has been detected. |
Security | Fortinet FortiGate – Log deleted by user | Generated when a log is deleted by a user. |
Security | Fortinet FortiGate – SSL VPN login failure detected | Generated when an SSL VPN login failure event has been detected while accessing the connection. |
Security | Fortinet FortiGate – User authentication failure | Generated when a user authentication failure has been detected. |
Security | Fortinet FortiGate – Virus detected | Generated when a potentially malicious file is detected. |
Compliance | Fortinet FortiGate – User login activities | Generated when a successful login activity is detected. |
Operational | Fortinet FortiGate – User added or deleted | Generated when activities such as a new user being added or an existing user being deleted are detected. |
Reports
Type | Name | Description |
---|---|---|
Security | Fortinet FortiGate – SSL VPN user authentication events | Provides detailed information on SSL VPN user authentication events triggered on the FortiGate device. |
Security | Fortinet FortiGate – User authentication events | Provides information on authentication-related events triggered on the FortiGate device. |
Security | Fortinet FortiGate – Anomaly or IPS attack detected | Captures all anomaly or IPS attack related events triggered on the FortiGate device. |
Security | Fortinet FortiGate – Suspicious web content detected | Captures suspicious web-related traffic triggered on the FortiGate device. |
Security | Fortinet FortiGate – Suspicious email content detected | Fetches details on email communication traffic triggered on the FortiGate device. |
Security | Fortinet FortiGate – Data leak detected | Captures DLP events detected on the FortiGate device. |
Security | Fortinet FortiGate – Traffic events | Fetches traffic events triggered on the FortiGate device. |
Security | Fortinet FortiGate – Application control events | Captures details of intrusion attempts that match application patterns, triggered on the FortiGate device. |
Security | Fortinet FortiGate – Web application firewall events | Fetches information related to web application firewall events. |
Security | Fortinet FortiGate – Virus detected | Captures events categorized as virus or malicious by the FortiGate device. |
Compliance | Fortinet FortiGate – Administrator authentication events | Captures administrator authentication events triggered on the respective FortiGate device. |
Operational | Fortinet FortiGate – Firewall configuration change | Captures any configuration change related activity triggered on the FortiGate device. |
Dashboards
Type | Name | Description |
---|---|---|
Security | Fortinet FortiGate – Login and authentication success events | Displays login and authentication success events triggered on the respective FortiGate device. |
Security | Fortinet FortiGate – Login and authentication failed events | Captures login and authentication failure events triggered on the respective FortiGate devices. |
Security | Fortinet FortiGate – Intrusion detection by source IP | Displays intrusion detections by source IP. |
Security | Fortinet FortiGate – Login failed by source Geo-location | Captures the geo-location of the source IP addresses that triggered login failure events on the respective FortiGate device. |
Security | Fortinet FortiGate – Intrusion detection by log type | Detects intrusions and displays the message for the respective threat type. |
Security | Fortinet FortiGate – Intrusion detection by source IP Geo-location | Displays the source IP geo-location where an intrusion attack has been detected. |
Security | Fortinet FortiGate – Login or authentication events by source IP Geo-location | Displays the geo-location of the source IP from which login or authentication events were triggered. |
Security | Fortinet FortiGate – Traffic by source IP Geo-location | Displays the geo-location of the source IP from which traffic originated. |
Saved Searches
Type | Name | Description |
---|---|---|
Security | Fortinet FortiGate – Admin login failures | Provides information on admin login failure activities, including IP address, location, and the console type used by the user. |
Security | Fortinet FortiGate – Allowed traffic | Provides information on allowed traffic with related details such as source and destination IP address and location. |
Security | Fortinet FortiGate – Application control | Provides information on application control events. |
Security | Fortinet FortiGate – Data leak detected | Provides information on DLP events detected by the FortiGate device. |
Security | Fortinet FortiGate – Denied traffic | Provides information on denied traffic with related details such as source and destination IP address, location, and the reason for the violation or denial. |
Security | Fortinet FortiGate – IPS attacks detected | Provides information on anomalies or IPS events detected by the FortiGate device. |
Security | Fortinet FortiGate – SSL VPN user login failure | Provides information on users who failed to log in through SSL VPN, including IP address, location, etc. |
Security | Fortinet FortiGate – Suspicious email content detected | Provides information on suspicious email content detected in the Email category, including the sender's and receiver's addresses, any attachments in the mail, etc. |
Security | Fortinet FortiGate – Suspicious web content detected | Provides information on suspicious web content detected by the FortiGate device. |
Security | Fortinet FortiGate – User authentication failures | Provides information on user login failure activities, including IP address, location, etc. |
Security | Fortinet FortiGate – User authentication success | Provides information on users who triggered successful authentication events, including IP address, location, and the console type used by the user. |
Security | Fortinet FortiGate – Virus detected | Provides information on events where a suspicious or malicious file was detected by the FortiGate device. |
Security | Fortinet FortiGate – VPN user tunnel status | Provides information on events where FortiGate detects a change in VPN tunnel status for the respective user. |
Security | Fortinet FortiGate – Web application firewall activities | Provides information on web application firewall events detected by the FortiGate device. |
Compliance | Fortinet FortiGate – Admin login and logout | Provides detailed information on admin login and logout activities, including IP address and console type. |
Operational | Fortinet FortiGate – Configuration changes | Provides information on firewall configuration changes detected on the respective FortiGate device. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Fortinet FortiGate.
Download the Integration Guide for configuration instructions and more information.