FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
heng
Staff
Article Id 212299
Description

This article explains that FortiGate stopped supporting compliance check logs as of version 6.2.3 GA and above.

 

Hence, the FortiAnalyzer predefined 'PCI-DSS Compliance Review' report will no longer contain data, as FortiAnalyzer no longer receives that log type from FortiGate version 6.2.3 and above.

 

The predefined 'PCI-DSS Compliance Review' report is only supported for FortiGate versions lower than 6.2.3 GA.

 

FortiGate version 6.2.3 GA and above sends a new log type, Security Rating (subtype=security-rating), to FortiAnalyzer.

For now, there is no predefined report available for Security Rating in FortiAnalyzer versions 6.4, 7.0 and 7.2.

 


 

Raw logs:

 

date=2022-05-17 time=15:32:25 id=7098573976615518208 itime=2022-05-17 15:32:28 euid=3 epid=3 dsteuid=3 dstepid=3 logver=604071911 logid=0110052000 type=event subtype=security-rating level=notice logdesc=Security Rating summary auditscore=362.0 auditreporttype=PostureReport audittime=1652765545 auditid=1652765539576 eventtime=1652765545590616513 criticalcount=1 highcount=6 mediumcount=14 lowcount=1 passedcount=30 tz=+1000 devid=FGVM01TM19-----9 vd=root csf=fortinet dtime=2022-05-17 15:32:25 itime_t=1652765548 devname=FPOC-kvm05
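The following is an added example, not part of the original article or of any Fortinet tooling: a small Python parser that splits the raw log line above into fields, keeps only subtype=security-rating events, and tabulates the score and result counters per device. The function names, the constructed second log line, and the "flagged" total are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Raw log line exactly as shown in the article (device ID is masked there).
ARTICLE_LOG = (
    "date=2022-05-17 time=15:32:25 id=7098573976615518208 itime=2022-05-17 15:32:28 "
    "euid=3 epid=3 dsteuid=3 dstepid=3 logver=604071911 logid=0110052000 type=event "
    "subtype=security-rating level=notice logdesc=Security Rating summary "
    "auditscore=362.0 auditreporttype=PostureReport audittime=1652765545 "
    "auditid=1652765539576 eventtime=1652765545590616513 criticalcount=1 highcount=6 "
    "mediumcount=14 lowcount=1 passedcount=30 tz=+1000 devid=FGVM01TM19-----9 vd=root "
    "csf=fortinet dtime=2022-05-17 15:32:25 itime_t=1652765548 devname=FPOC-kvm05"
)
# Constructed line of another log type, used only to show the filter.
OTHER_LOG = "date=2022-05-17 time=15:33:00 type=traffic subtype=forward devname=FPOC-kvm05"

# key=value pairs; a value is quoted, or runs until the next " key=" token or end of
# line, so unquoted values containing spaces (itime, logdesc) stay intact.
_PAIR = re.compile(r'(?<!\S)(\w+)=(?:"([^"]*)"|(.*?))(?=\s+\w+=|\s*$)')
COUNT_KEYS = ("criticalcount", "highcount", "mediumcount", "lowcount", "passedcount")

def parse_log(line):
    """Split one raw log line into a dict of field name -> string value."""
    return {k: (q or b) for k, q, b in _PAIR.findall(line.strip())}

def security_rating_rows(lines):
    """Keep only Security Rating events and return one summary row per event."""
    rows = []
    for line in lines:
        f = parse_log(line)
        if f.get("type") != "event" or f.get("subtype") != "security-rating":
            continue
        counts = {k: int(f.get(k, 0)) for k in COUNT_KEYS}
        rows.append({
            "devname": f.get("devname"),
            "vdom": f.get("vd"),
            "report": f.get("auditreporttype"),
            "audit_time_utc": datetime.fromtimestamp(int(f["audittime"]), timezone.utc).isoformat(),
            "score": float(f["auditscore"]),
            **counts,
            # Assumption: the four severity counters are the checks that did not pass.
            "flagged": sum(v for k, v in counts.items() if k != "passedcount"),
        })
    return rows

if __name__ == "__main__":
    for row in security_rating_rows([ARTICLE_LOG, OTHER_LOG]):
        print(row)
```
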

Scope  
Solution

However, predefined charts and datasets are added in FortiAnalyzer version 7.2.0 GA onwards.

 

If a Security Rating report is necessary, it is possible to create a custom report from the predefined charts and predefined datasets by tabulating the Security Rating event logs from the FortiGate.

For complex reports and data representation, it is possible to further fine-tune the predefined charts and datasets into custom ones.

 

Security Rating predefined Datasets (7.2.0 GA):

 

- Under the datasets section, search the keyword 'security-Rating'.

 


 

Security Rating predefined Charts (7.2.0 GA):

 

- Under the charts section, search the keyword 'security rating'.

 


 

Reference:

 

- Attached is a sample custom Security Rating report (Security Rating Report-version_7.2.0.pdf) from the predefined charts and datasets.

 

- Also attached is the custom report config, which can be imported into the FortiAnalyzer Report module; it is based on version 7.2 (Security Rating Report_version_7.2.0.zip). Extract the .zip file to .dat before importing the report config.
