A whole new way to visualize, respond and mitigate your network security data
Fortinet today announced the FortiGate App and Technology Add-on at the Splunk 6th annual user conference https://conf.splunk.com/ and it’s our first time exhibiting at this data-driven, SIEM-focused conference. Just like the event's key message around data, there is a big industry push for network security companies like Fortinet on how to visualize, respond to and remediate events based on the data in real time.
What is the difference between App and Add-On?
FortiGate App for Splunk
https://splunkbase.splunk.com/app/2800
FortiGate App is a standalone application that can be downloaded from Splunkbase https://splunkbase.splunk.com/. The App synchronizes the syslogs in real time with all FortiGate appliances in your datacenter and presents the NGFW security, UTM, Traffic, and compliance dashboards with pre-built templates. It helps pinpoint vulnerabilities and respond to breaches in minutes instead of days and months.
https://www.dropbox.com/s/qyp2zg7yfdsazgx/fortinetfortigate_app_splunk.mp4?dl=0
FortiGate Add-on for Splunk
https://splunkbase.splunk.com/app/2846/
In Fortinet’s SDN Security Framework http://www.fortinet.com/solutions/sdn.html, one of the objectives is Platform Orchestration and Automation. Splunk Enterprise Security offers operational intelligence that makes it simple to collect, analyze and act upon the untapped value of the big data generated by your technology infrastructure, security systems and business applications, giving you the insights to operationalize the day-to-day datacenter IT practices with bells and whistles. The technology add-on includes predefined inputs to collect data from FortiGate appliances and mappings to normalize the data to the Common Information Model. It can be plugged in to Splunk Enterprise Security. The beauty of the add-on is that it provides the broader eco-system integration from the customer’s end-to-end datacenter standpoint.
https://www.dropbox.com/home/splunk%20demo%20video%20no%20audio?preview=fortigate_addon_splunk.mp4
Active Response Framework
Active Response Framework is another eye-catching feature in our Splunk integration. The power of having the data containing all of the network security intelligence flowing into Splunk Enterprise and being able to respond on that data is completing the full loop. So you do not just see the incidents; instead you are able to react and remediate the firewall policies and rules in real time.
Fortinet provides a rich set of APIs that allow XML, JSON or scripting integration (such as Python) to track and reset firewall rules directly through Splunk and modify the FortiGate rules on command.
https://www.dropbox.com/s/2ezne7hoxopjrbi/splunkARv2.mp4?dl=0
Some might argue that the integration is the same for all vendors. What makes FortiGate able to present such impressive data and threat intelligence? The key differentiator is still our FortiOS.
Solution Brief on the integrations
http://www.fortinet.com/sites/default/files/solutionbrief/SolutionBrief-Fortinet-Splunk.pdf
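To make the add-on's "normalize to the Common Information Model" step concrete, here is an added example (my own code, not the Fortinet add-on's or Splunk's) that parses FortiGate key=value traffic syslog lines and renames them to CIM Network Traffic fields. The sample log lines are constructed for this example, and the field, action and protocol mappings are my assumptions about a reasonable subset, not the add-on's own tables.

```python
import re

# Constructed sample FortiGate traffic log lines (made up for this example, not from the page).
SAMPLE_LOGS = [
    'date=2015-09-22 time=10:15:01 devname=FGT-LAB logid=0000000013 type=traffic subtype=forward '
    'level=notice vd=root srcip=10.1.1.25 srcport=51522 srcintf="port1" dstip=203.0.113.10 '
    'dstport=443 dstintf="wan1" proto=6 action=deny policyid=7 service="HTTPS" sentbyte=1260 '
    'rcvdbyte=0 msg="Denied by policy 7"',
    'date=2015-09-22 time=10:15:03 devname=FGT-LAB logid=0000000020 type=traffic subtype=forward '
    'level=notice vd=root srcip=10.1.1.30 srcport=40001 srcintf="port1" dstip=198.51.100.5 '
    'dstport=53 dstintf="wan1" proto=17 action=accept policyid=3 service="DNS" sentbyte=70 '
    'rcvdbyte=142 duration=2',
]

# FortiGate field -> CIM Network Traffic field (a subset; assumed here, not the add-on's own table).
CIM_FIELD_MAP = {
    "srcip": "src", "srcport": "src_port", "srcintf": "src_interface",
    "dstip": "dest", "dstport": "dest_port", "dstintf": "dest_interface",
    "sentbyte": "bytes_out", "rcvdbyte": "bytes_in", "policyid": "rule",
    "service": "app", "devname": "dvc", "duration": "duration",
}
# FortiGate action values -> CIM action vocabulary (allowed / blocked / teardown).
ACTION_MAP = {"accept": "allowed", "deny": "blocked", "close": "teardown",
              "timeout": "teardown", "client-rst": "teardown", "server-rst": "teardown"}
PROTO_MAP = {"1": "icmp", "6": "tcp", "17": "udp"}
# One key=value token; the value is either double-quoted (may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_log(line):
    # Parse a FortiGate key=value syslog line into a dict, stripping surrounding quotes.
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def to_cim(fields):
    # Rename fields to CIM names, cast counters to int and normalize action/transport.
    event = {cim: fields[raw] for raw, cim in CIM_FIELD_MAP.items() if raw in fields}
    for numeric in ("src_port", "dest_port", "bytes_in", "bytes_out", "duration"):
        if numeric in event:
            event[numeric] = int(event[numeric])
    raw_action = fields.get("action", "")
    # Unknown actions are kept verbatim so they stay visible instead of being silently dropped.
    event["action"] = ACTION_MAP.get(raw_action, raw_action or "unknown")
    event["transport"] = PROTO_MAP.get(fields.get("proto", ""), "other")
    return event
```

Running to_cim(parse_fortigate_log(line)) over SAMPLE_LOGS yields one CIM-shaped dict per line (the deny line becomes action "blocked", transport "tcp"), which is the shape Enterprise Security correlation searches expect.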
Our presence at .conf 2015 was fantastic - thank you for your support.
I have a question on Active Response. I see on Splunkbase we have the App, Add-on and there is the Active Response Framework. How does a customer engage with the Active Response Framework specific to Fortinet? Are there downloads available?
Hi Wayne,
I have a customer looking into Splunk Integration and Active Response Framework.
Did you manage to get an answer on your question in this blog?
regards
Sinisa
No I did not. At this point I've left the integration to the customer, who has a strong partnership with Splunk themselves.
Please schedule a time to go over what the customer is looking to achieve using Active Response. We can help them configure the framework to work with FortiGate.
The Active Response was a prototype we did with Splunk. We have a demo instance in the engineering lab to show how a policy is configured and remediated in a full loop through the FortiGate API.