Cybersecurity Forum


isuru
New Contributor II

FortiSIEM - AWS Integration

Hi All,

I would like to clarify a few things regarding FortiSIEM integration with an AWS environment.

  • AWS CloudWatch – There is a section in the guide on the AWS EC2 CloudWatch API but nothing related to CloudWatch events on other AWS services.
  • AWS Kinesis – There is a section in the guide on AWS Kinesis but it doesn't mention specifics such as:
    • Whether it is using Kinesis Data Streams or Data Firehose
    • Whether it collects these streams to an S3 bucket
    • What types of log sources are supported via Kinesis
  • AWS Shield (WAF) / AWS Route53 logs / AWS GuardDuty – There aren't any sections on how these AWS services integrate with FortiSIEM. (Can it be done via Kinesis?)
  • I just saw a guide on VPC Flows.

Can anyone provide any insight? Thanks.

------------------------------
Cheers,
Isuru
------------------------------
FSM_FTNT
Staff

Hi Isuru,

  • AWS CloudWatch – There is a section in the guide on the AWS EC2 CloudWatch API but nothing related to CloudWatch events on other AWS services.
    • It collects the EC2 metrics. If there is something else you need, let us know.
  • AWS Kinesis – There is a section in the guide on AWS Kinesis but it doesn't mention specifics such as
    • AWS Kinesis can collect data from different devices/services. The data format is the same as the source data, so a parser may need to be created. As an example, AWS Shield could log to Kinesis but the logs may not be parsed.

Thanks

Dan
------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
isuru
New Contributor II

Hi Dan,

Thanks for the response, but my concerns are,

  • It collects the EC2 metrics. If there is something else you need, let us know.
    • What about other metrics?
    • Does FortiSIEM only support EC2 metrics?
  • AWS Kinesis can collect data from different devices/services. The data format is the same as the source data, so a parser may need to be created. As an example, AWS Shield could log to Kinesis but the logs may not be parsed.
    • What if we store the Kinesis streams in an S3 bucket?
    • Will the provided integration be able to pull those streams?
------------------------------
Cheers,
Isuru
------------------------------
dtomic_FTNT

Hi Isuru,

It supports RDS, EFS and EC2 metrics using the EC2 credential method.
Using the Kinesis credential method, it supports all services that can log to S3 using Kinesis. You'll need to create a credential for each Kinesis/S3 pair.
Using CloudTrail, it supports all services that log to S3 using CloudTrail. You also need to create a credential for each CloudTrail/SNS/S3 group.

You may run into the case of the parser being too generic for a specific service that you're logging. If that is the case, then PM me and I'll enhance the parser for the service you need.

Kind Regards,

------------------------------
Dušan Tomić - Consulting Systems Engineer INTL
Fortinet
------------------------------
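The CloudTrail/SNS/S3 collection path described in the reply above, as an added example that is not part of this thread or of FortiSIEM's own collector: CloudTrail delivers a gzipped JSON file (a `Records` array) to S3 and publishes an SNS notification listing the bucket and object keys; a collector consumes that notification, fetches and gunzips each object, and flattens the records into SIEM-style events. The S3 fetch is stubbed with an in-memory dict (`FAKE_S3`), and every account, bucket, key and event value here is a constructed placeholder.

```python
import gzip
import json

# Constructed sample: one CloudTrail log file as delivered to S3 (gzipped JSON
# with a "Records" array). Account ID, bucket and key are placeholders.
BUCKET = "example-trail-bucket"
KEY = "AWSLogs/111111111111/CloudTrail/us-east-1/2023/01/01/trail.json.gz"
_records = {"Records": [
    {"eventTime": "2023-01-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    {"eventTime": "2023-01-01T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.9", "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111111111111:assumed-role/app/sess"}},
]}
FAKE_S3 = {(BUCKET, KEY): gzip.compress(json.dumps(_records).encode())}

# Constructed SNS message in the shape CloudTrail publishes on delivery:
# the bucket name plus a list of the object keys it just wrote.
SNS_MESSAGE = json.dumps({"s3Bucket": BUCKET, "s3ObjectKey": [KEY]})


def fetch_object(bucket, key):
    """Stand-in for s3.get_object(); a real collector would call boto3 here."""
    return FAKE_S3[(bucket, key)]


def normalize(rec):
    """Flatten one CloudTrail record into the fields a SIEM rule would key on."""
    ident = rec.get("userIdentity", {})
    return {
        "time": rec["eventTime"],
        "service": rec["eventSource"].split(".")[0],
        "action": rec["eventName"],
        "actor": ident.get("userName") or ident.get("arn", "unknown"),
        "actor_type": ident.get("type"),
        "src_ip": rec.get("sourceIPAddress"),
        "outcome": "failure" if "errorCode" in rec else "success",
        "error": rec.get("errorCode"),
    }


def collect_from_notification(sns_message, get_object=fetch_object):
    """Handle one SNS notification: fetch, gunzip and normalize every file listed."""
    note = json.loads(sns_message)
    events = []
    for key in note["s3ObjectKey"]:
        body = gzip.decompress(get_object(note["s3Bucket"], key))
        events.extend(normalize(r) for r in json.loads(body)["Records"])
    return events
```

One credential per CloudTrail/SNS/S3 group, as the reply says, maps to one such subscription per trail bucket; a service-specific parser would replace `normalize` with field extraction for that service's record shape.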
isuru
New Contributor II

Hi Dusan,

Thanks for the insight and support.

------------------------------
Cheers,
Isuru
------------------------------