IsuruTharanga
Visitor III
January 28, 2021
Question

FortiSIEM - AWS Integration

  • January 28, 2021
  • 1 reply
  • 1809 views
Hi All,

I would like to clarify a few things regarding FortiSIEM integration with the AWS environment.


  • AWS CloudWatch – There is a section in the guide on the AWS EC2 CloudWatch API but nothing related to CloudWatch events on other AWS services.
  • AWS Kinesis – There is a section in the guide on AWS Kinesis but it doesn't mention specifics such as
    • Whether it is using Kinesis Data Streams or Data Firehose
    • Does it collect these streams to an S3 bucket
    • What type of log sources are supported via Kinesis
  • AWS Shield (WAF) / AWS Route53 logs / AWS GuardDuty – There aren't any sections on how these AWS services integrate with FortiSIEM. (Can it be done via Kinesis?)
  • I just saw a guide on VPC Flows
Can anyone provide an insight? Thanks.

------------------------------
Cheers,
Isuru
------------------------------

    1 reply

    FSM_FTNT
    Staff
    February 15, 2021
    Hi Isuru,

    • AWS CloudWatch – There is a section in the guide on the AWS EC2 CloudWatch API but nothing related to CloudWatch events on other AWS services.
      • It collects the EC2 metrics. If there is something else you need, let us know.
    • AWS Kinesis – There is a section in the guide on AWS Kinesis but it doesn't mention specifics such as
      • AWS Kinesis can collect data from different devices/services; the data format is the same as the source data, so a parser may need to be created. As an example, AWS Shield could log to Kinesis but the logs may not be parsed.

    Thanks

    Dan


    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------
    IsuruTharanga
    Visitor III
    February 21, 2021
    Hi Dan,

    Thanks for the response, but my concerns are:

    • It collects the EC2 metrics. If there is something else you need, let us know.
      • What about other metrics?
      • Does FortiSIEM only support EC2 metrics?

    • AWS Kinesis can collect data from different devices/services; the data format is the same as the source data, so a parser may need to be created. As an example, AWS Shield could log to Kinesis but the logs may not be parsed.
      • What if we store the Kinesis streams in an S3 bucket?
      • Will the provided integration be able to pull those streams?


    ------------------------------
    Cheers,
    Isuru
    ------------------------------
    DusanTomic
    Staff
    March 23, 2021
    Hi Isuru,

    It supports RDS, EFS and EC2 metrics using the EC2 credential method.
    Using the Kinesis credential method, it supports all services that can log to S3 using Kinesis. You'll need to create a credential for each Kinesis/S3 pair.
    Using CloudTrail, it supports all services that log to S3 using CloudTrail. You also need to create a credential for each CloudTrail/SNS/S3 group.

    You may run into the case of the parser being too generic for a specific service that you're logging; if that is the case, PM me and I'll enhance the parser for the service you need.

    Kind Regards,

    ------------------------------
    Dušan Tomić - Consulting Systems Engineer INTL
    Fortinet
    ------------------------------
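Both replies above turn on the same point: Kinesis delivers whatever the source service wrote, so a collector pulling the S3 objects has to recognise each service's schema itself, and a generic parser that does not will leave fields such as source IP or action unextracted. The script below is an added example written for this thread; it is not FortiSIEM code and does not reflect how FortiSIEM's parsers work internally. It reads a constructed S3 object as Kinesis Data Firehose would write it (records concatenated with or without newline delimiters, optionally gzip-compressed), routes each record to a service-specific normaliser using the public AWS WAF log and GuardDuty (EventBridge) finding field names, and falls back to a generic normaliser so the "too generic" case is visible in the output. Sample values (account id, ARN, IPs) are constructed.

```python
"""Parse one Firehose-delivered S3 object and normalise per source service.

Added example for the thread above; not FortiSIEM code. AWS WAF and GuardDuty
field names follow the published AWS formats; all sample values are constructed.
"""
import gzip
import json
from datetime import datetime, timezone
from typing import Dict, Iterator, List

# Constructed sample of an S3 object body written by Kinesis Data Firehose.
# Firehose concatenates records as delivered by the producer, so the first two
# WAF records have no delimiter between them while later ones end in a newline.
SAMPLE_OBJECT = (
    '{"timestamp":1611813960000,"formatVersion":1,'
    '"webaclId":"arn:aws:wafv2:us-east-1:111122223333:regional/webacl/example/EXAMPLE-ID",'
    '"terminatingRuleId":"Default_Action","action":"ALLOW","httpSourceName":"ALB",'
    '"httpRequest":{"clientIp":"192.0.2.10","country":"US","uri":"/login","httpMethod":"POST"}}'
    '{"timestamp":1611813961000,"formatVersion":1,'
    '"webaclId":"arn:aws:wafv2:us-east-1:111122223333:regional/webacl/example/EXAMPLE-ID",'
    '"terminatingRuleId":"AWSManagedRulesCommonRuleSet","action":"BLOCK","httpSourceName":"ALB",'
    '"httpRequest":{"clientIp":"198.51.100.7","country":"DE","uri":"/admin","httpMethod":"GET"}}\n'
    '{"version":"0","detail-type":"GuardDuty Finding","source":"aws.guardduty",'
    '"account":"111122223333","region":"us-east-1",'
    '"detail":{"type":"Recon:EC2/PortProbeUnprotectedPort","severity":2,'
    '"resource":{"resourceType":"Instance"}}}\n'
    '{"message":"custom application event with no known schema"}\n'
).encode("utf-8")


def iter_records(body: bytes) -> Iterator[dict]:
    """Yield each JSON object in a Firehose object, delimited or not."""
    if body[:2] == b"\x1f\x8b":  # gzip magic: Firehose GZIP compression option
        body = gzip.decompress(body)
    text = body.decode("utf-8")
    decoder = json.JSONDecoder()
    pos = 0
    while pos < len(text):
        while pos < len(text) and text[pos].isspace():  # skip record separators
            pos += 1
        if pos >= len(text):
            break
        obj, pos = decoder.raw_decode(text, pos)  # consume exactly one object
        yield obj


def detect_service(rec: dict) -> str:
    """Identify the producing service from schema markers, not from the stream name."""
    if "webaclId" in rec and "httpRequest" in rec:
        return "aws-waf"
    if rec.get("source") == "aws.guardduty" or rec.get("detail-type") == "GuardDuty Finding":
        return "aws-guardduty"
    return "generic"


def parse_waf(rec: dict) -> dict:
    """AWS WAF log: timestamp is epoch milliseconds; client details sit under httpRequest."""
    req = rec.get("httpRequest", {})
    return {
        "service": "aws-waf",
        "time": datetime.fromtimestamp(rec["timestamp"] / 1000, tz=timezone.utc).isoformat(),
        "action": rec.get("action"),
        "rule": rec.get("terminatingRuleId"),
        "src_ip": req.get("clientIp"),
        "uri": req.get("uri"),
    }


def parse_guardduty(rec: dict) -> dict:
    """GuardDuty finding delivered via EventBridge: finding data is under 'detail'."""
    detail = rec.get("detail", {})
    return {
        "service": "aws-guardduty",
        "account": rec.get("account"),
        "finding_type": detail.get("type"),
        "severity": detail.get("severity"),
        "resource_type": detail.get("resource", {}).get("resourceType"),
    }


def parse_generic(rec: dict) -> dict:
    """Fallback: keep the raw record. Nothing is extracted, which is the
    'parser too generic for the service' situation described in the thread."""
    return {"service": "generic", "raw": rec}


PARSERS = {"aws-waf": parse_waf, "aws-guardduty": parse_guardduty, "generic": parse_generic}


def parse_object(body: bytes) -> List[dict]:
    """Normalise every record in one S3 object."""
    return [PARSERS[detect_service(r)](r) for r in iter_records(body)]


def summarise(events: List[dict]) -> Dict[str, int]:
    """Count events per detected service; a large 'generic' bucket is the
    signal that a service-specific parser is still missing."""
    counts: Dict[str, int] = {}
    for ev in events:
        counts[ev["service"]] = counts.get(ev["service"], 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_object(SAMPLE_OBJECT)
    for ev in parsed:
        print(json.dumps(ev))
    print(summarise(parsed))
```

Running it against gzip-compressed input is the same call: `iter_records` checks the magic bytes first, so objects written with Firehose's GZIP option and uncompressed ones go through the same path. The "generic" count in `summarise` is the operational check: if it grows after a new service starts logging to the stream, that service needs its own normaliser before its events can drive any meaningful rule.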