FortiNAC

Applies To: FortiNAC v8.5 and v8.6.

FortiNAC is a product to unify endpoint security technology (such as antivirus, host intrusion prevention, and vulnerability assessment), the user or system authentication and network security enforcement.

EventTracker collects the event logs delivered from FortiNAC. EventTracker will alert whenever any login failure occurs in FortiNAC devices, it also alerts us when any rogue mac is detected on the network. EventTracker will help you to visualize the FortiNAC data into the dashboard, using those we can correlate data across the environment. Its reports can allow the user to see the important events on a scheduled basis.

Once events are received into EventTracker, Reports, Knowledge Objects, Categories and Dashboards can be configured into EventTracker.

EventTracker monitors all the FortiNAC events from services like Amazon EC2 and Amazon VPC, they are given as below.

Security – Admin user (FortiNAC console) Login failed activity, Rogue MAC detected connecting to the endpoint system.
Operation – Admin user (FortiNAC console) Login and logout activity, User-Management activity, and network switch interface/port up/ down.

Previous Next

Once FortiNAC is configured to deliver events to EventTracker Manager; alerts, dashboards, and reports can be configured into EventTracker.

Operations

Reports

FortiNAC - Admin user login success and logout – This report will generate a detailed view on login and logout activities of users in FortiNAC console.
FortiNAC - Host session login and logout – This report will generate a detailed view of the “Host” (endpoint systems) login and logout activities.
FortiNAC - Switchport link up-down – This report will generate a detailed view of endpoint network switch port/ interface up/ down status.

Security

Alerts

FortiNAC - Admin user login fails – This alert will be triggered when login failure occurs while trying to access FortiNAC admin console.
FortiNAC - Rogue MAC detected – This event will be triggered when a rogue/ suspicious MAC address is detected by FortiNAC.

Reports

FortiNAC - Rogue MAC detected – This report will generate a detailed view on rogue MAC address connecting to an endpoint as detected by FortiNAC.
FortiNAC - Admin user login fails – This report will generate a detailed view on failed login activities occurring in FortiNAC admin console.

Scope

The configuration details are consistent with EventTracker version 9.X and later, and FortiNAC (v8.5 and v8.6).

Documentation:

To configure FortiNAC to send logs to EventTracker, refer to the How-to Guide.

For more information please refer to the Integration guide.