This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.
A whole new way to visualize, respond and mitigate your network security data
Fortinet today announced the FortiGate App and Technology Add-on at the Splunk 6th annual user conference https://conf.splunk.com/ and it’s our first time exhibiting at this data driven SIEM focused conference. Just like the event key message around the data, there is a big industry push for network security companies like Fortinet on how to visualize, respond and remediate to the events based on the data in real time.
What is the difference between App and Add-On?
FortiGate App for Splunk
https://splunkbase.splunk.com/app/2800
FortiGate App is the standalone application can be downloaded from splunkbase https://splunkbase.splunk.com/. The App synchronizes the syslogs in real-time with all FortiGate appliances in your datacenter and presents the NGFW security, UTM, Traffic, and compliance dashboards with pre-built templates. It helps pinpoint the vulnerability and respond to breaches in minutes instead of days and months.
https://www.dropbox.com/s/qyp2zg7yfdsazgx/fortinetfortigate_app_splunk.mp4?dl=0
FortiGate Add-on for Splunk
https://splunkbase.splunk.com/app/2846/
In Fortinet’s SDN Security Framework http://www.fortinet.com/solutions/sdn.html, one of the objectives is to Platform Orchestration and Automation. Splunk Enterprise Security offers the operational intelligence makes it simple to collect, analyze and act upon the untapped value of the big data generated by your technology infrastructure, security systems and business applications—giving you the insights to operationalize the day-to-day datacenter IT practices with with bells and whistles. The technology add-on to includes predefined inputs to collect data from FortiGate appliances and maps to normalize the data to the Common Information Model. It can be plugged in to the Splunk Enterprise Security. The beauty of the add-on provides the broader eco-system integration from customer’s end-to-end datacenter standpoint.
https://www.dropbox.com/home/splunk%20demo%20video%20no%20audio?preview=fortigate_addon_splunk.mp4
Active Response Framework
Active Response Framework is another eye-catching feature in our Splunk integration. The power of having the data containing all of network security intelligence flowing into Splunk Enterprise and being able to respond on that data, is completing the full loop. So you are not just see the incidents instead you are able to react and remediate the firewall policies and rules in real time.
Fortinet provides rich set of APIs allows XML, JSON or scripting integration like Python to track and reset firewall rules directly through Splunk and modify the FortiGate rules on command.
https://www.dropbox.com/s/2ezne7hoxopjrbi/splunkARv2.mp4?dl=0
Some might argues if the integration is the same for all vendors. What makes FortiGate to present the impressive data and threat intelligence? The key differentiator is still our FortiOS.
Solution Brief on the integrations
http://www.fortinet.com/sites/default/files/solutionbrief/SolutionBrief-Fortinet-Splunk.pdf
Our presence at .conf 2015 was fantastic - thank you for your support.
I have a question on Active Response. I see on Splunkbase we have the App, Add-on and there is the Active Response Framework. How does a customer engage with the Active Response Framework specific to Fortinet? Are there downloads available?
Hi Wayne,
I have a customer looking into Splunt Integration and Active Response Framework.
Did you manage to get an answer on your question in this blog?
regards
Sinisa
No I did not. At this point I've left the integration to the customer, who has a strong partnership with Splunk themselves.
Please schedule a time to go over what the customer is looing to achieve using Active Response. We can help them configured the framework to work with FortiGate.
The Active Response was a prototype we did with splunk. We have a demo instance in engineering lab to show the interaction how policy is configured and remediated in a full loop through FortiGate API.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.