Fortinet FortiGate Security Gateway
The IBM QRadar SIEM DSM for Fortinet FortiGate Security Gateway collects events from Fortinet FortiGate Security Gateway and Fortinet FortiAnalyzer products.
The following table identifies the specifications for the Fortinet FortiGate Security Gateway DSM:
Specification |
Value |
---|---|
Manufacturer |
Fortinet |
DSM name |
Fortinet FortiGate Security Gateway |
RPM file name |
DSM-FortinetFortiGate-QRadar_version-build_number.noarch.rpm |
Supported versions |
FortiOS 6.4 and earlier |
Protocol |
Syslog Syslog Redirect |
Recorded event types |
All events |
Auto discovered? |
Yes |
Includes identity? |
Yes |
Includes custom properties? |
Yes |
More information |
Fortinet website (http://www.fortinet.com) |
To integrate Fortinet FortiGate Security Gateway DSM with QRadar, complete the following steps:
- If automatic updates are not enabled, download the most recent version of the Fortinet FortiGate Security Gateway RPM from the IBM® Support Website onto your QRadar Console:
- Download and install the Syslog Redirect protocol RPM to collect events through Fortinet FortiAnalyzer. When you use the Syslog Redirect protocol, QRadar can identify the specific Fortinet FortiGate Security Gateway firewall that sent the event.
- For each instance of Fortinet FortiGate Security Gateway, configure your Fortinet FortiGate Security Gateway system to send syslog events to QRadar.
- If QRadar does not automatically detect the log source for Fortinet FortiGate Security Gateway, you can manually add the log source. For the protocol configuration type, select Syslog, and then configure the parameters.
- If you want QRadar to
receive events from Fortinet FortiAnalyzer, manually add the log source. For the protocol
configuration type, select Syslog Redirect, and then configure the
parameters. The following table lists the specific parameter values that are required for Fortinet FortiAnalyzer event collection:
For more information about configuring Syslog Redirect protocol parameters, see Syslog Redirect protocol overview.Parameter Value Log Source Identifier Regex devname="?([\w-]+) Listen Port 517 Protocol UDP