This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.
Created on 09-21-2015 07:52 PM
A whole new way to visualize, respond and mitigate your network security data
Fortinet today announced the FortiGate App and Technology Add-on at the Splunk 6th annual user conference https://conf.splunk.com/ and it’s our first time exhibiting at this data driven SIEM focused conference. Just like the event key message around the data, there is a big industry push for network security companies like Fortinet on how to visualize, respond and remediate to the events based on the data in real time.
What is the difference between App and Add-On?
FortiGate App for Splunk
FortiGate App is the standalone application can be downloaded from splunkbase https://splunkbase.splunk.com/. The App synchronizes the syslogs in real-time with all FortiGate appliances in your datacenter and presents the NGFW security, UTM, Traffic, and compliance dashboards with pre-built templates. It helps pinpoint the vulnerability and respond to breaches in minutes instead of days and months.
FortiGate Add-on for Splunk
In Fortinet’s SDN Security Framework http://www.fortinet.com/solutions/sdn.html, one of the objectives is to Platform Orchestration and Automation. Splunk Enterprise Security offers the operational intelligence makes it simple to collect, analyze and act upon the untapped value of the big data generated by your technology infrastructure, security systems and business applications—giving you the insights to operationalize the day-to-day datacenter IT practices with with bells and whistles. The technology add-on to includes predefined inputs to collect data from FortiGate appliances and maps to normalize the data to the Common Information Model. It can be plugged in to the Splunk Enterprise Security. The beauty of the add-on provides the broader eco-system integration from customer’s end-to-end datacenter standpoint.
Active Response Framework
Active Response Framework is another eye-catching feature in our Splunk integration. The power of having the data containing all of network security intelligence flowing into Splunk Enterprise and being able to respond on that data, is completing the full loop. So you are not just see the incidents instead you are able to react and remediate the firewall policies and rules in real time.
Fortinet provides rich set of APIs allows XML, JSON or scripting integration like Python to track and reset firewall rules directly through Splunk and modify the FortiGate rules on command.
Some might argues if the integration is the same for all vendors. What makes FortiGate to present the impressive data and threat intelligence? The key differentiator is still our FortiOS.
Solution Brief on the integrations
Created on 10-01-2015 11:15 AM
Our presence at .conf 2015 was fantastic - thank you for your support.
I have a question on Active Response. I see on Splunkbase we have the App, Add-on and there is the Active Response Framework. How does a customer engage with the Active Response Framework specific to Fortinet? Are there downloads available?
I have a customer looking into Splunt Integration and Active Response Framework.
Did you manage to get an answer on your question in this blog?
Please schedule a time to go over what the customer is looing to achieve using Active Response. We can help them configured the framework to work with FortiGate.
The Active Response was a prototype we did with splunk. We have a demo instance in engineering lab to show the interaction how policy is configured and remediated in a full loop through FortiGate API.