Description |
This article describes how FortiGate stopped supporting compliance check logs in version 6.2.3 GA and above.
Hence, the FortiAnalyzer predefined 'PCI-DSS Compliance Review' report no longer contains data, as FortiAnalyzer no longer receives that log type from FortiGate version 6.2.3 and above.
The predefined 'PCI-DSS Compliance Review' report is only supported for FortiGate versions lower than 6.2.3 GA.
FortiGate version 6.2.3 GA and above sends a new log type, Security Rating (subtype=security-rating), to FortiAnalyzer. For now, there is no predefined report available for Security Rating in FortiAnalyzer versions 6.4, 7.0 and 7.2.
Raw logs:
date=2022-05-17 time=15:32:25 id=7098573976615518208 itime=2022-05-17 15:32:28 euid=3 epid=3 dsteuid=3 dstepid=3 logver=604071911 logid=0110052000 type=event subtype=security-rating level=notice logdesc=Security Rating summary auditscore=362.0 auditreporttype=PostureReport audittime=1652765545 auditid=1652765539576 eventtime=1652765545590616513 criticalcount=1 highcount=6 mediumcount=14 lowcount=1 passedcount=30 tz=+1000 devid=FGVM01TM19-----9 vd=root csf=fortinet dtime=2022-05-17 15:32:25 itime_t=1652765548 devname=FPOC-kvm05 |
Scope | |
Solution |
However, predefined charts and datasets are added in FortiAnalyzer version 7.2.0 GA onwards.
If a Security Rating report is necessary, it is possible to create a custom report with the predefined charts and predefined datasets that tabulates the Security Rating event logs from the FortiGate. For complex reports and data representation, it is possible to further fine-tune the predefined charts and datasets into custom ones.
Security Rating predefined Datasets (7.2.0 GA):
- Under the datasets section, search the keyword 'security-Rating'.
Security Rating predefined Charts (7.2.0 GA):
- Under the charts section, search the keyword 'security rating'.
Reference:
- Attached is a sample custom Security Rating report (Security Rating Report-version_7.2.0.pdf) built from the predefined charts and datasets.
- Also attached is the custom report config, which can be imported into the FortiAnalyzer Report module; it is based on version 7.2 (Security Rating Report_version_7.2.0.zip). Extract the .zip file to .dat before importing the report config. |
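The Security Rating summary log shown under 'Raw logs' can also be tabulated from exported raw logs, for example to check which devices are reporting a posture score. The following Python code is an added example, not Fortinet code; it assumes one key=value record per line and that the four severity counters count failed checks.

```python
import re
from datetime import datetime, timezone

# A value may be quoted or contain unquoted spaces ("logdesc=Security Rating
# summary"), so it ends only where the next " key=" starts or the line ends.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(.*?))(?=\s+\w+=|\s*$)')
SEVERITIES = ("criticalcount", "highcount", "mediumcount", "lowcount")
REQUIRED = SEVERITIES + ("passedcount", "auditscore", "audittime")

def parse_log(line):
    """Return one raw log line as a dict of field name -> string value."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PAIR.finditer(line.strip())}

def security_rating_rows(lines):
    """Keep Security Rating summaries only and convert their numeric fields."""
    rows = []
    for line in lines:
        f = parse_log(line)
        if f.get("type") != "event" or f.get("subtype") != "security-rating":
            continue
        if any(k not in f for k in REQUIRED):
            continue  # truncated or malformed record: skip rather than guess
        row = {"devname": f.get("devname"), "vd": f.get("vd"),
               "report": f.get("auditreporttype"),
               "score": float(f["auditscore"]),
               "audittime": datetime.fromtimestamp(int(f["audittime"]), timezone.utc),
               "passed": int(f["passedcount"])}
        row.update({k: int(f[k]) for k in SEVERITIES})
        # Assumption: the four severity counters count failed checks.
        row["failed"] = sum(row[k] for k in SEVERITIES)
        rows.append(row)
    return rows

# First line: the article's raw log with some fields omitted for brevity.
# Second line: constructed, to show that other event subtypes are filtered out.
SAMPLE = [
    "date=2022-05-17 time=15:32:25 itime=2022-05-17 15:32:28 type=event "
    "subtype=security-rating level=notice logdesc=Security Rating summary "
    "auditscore=362.0 auditreporttype=PostureReport audittime=1652765545 "
    "criticalcount=1 highcount=6 mediumcount=14 lowcount=1 passedcount=30 "
    "tz=+1000 vd=root devname=FPOC-kvm05",
    'date=2022-05-17 time=15:40:00 type=event subtype=system '
    'logdesc="Example system event" vd=root devname=FPOC-kvm05',
]

if __name__ == "__main__":
    for r in security_rating_rows(SAMPLE):
        print(f"{r['devname']} {r['audittime']:%Y-%m-%d %H:%M}Z score={r['score']} "
              f"failed={r['failed']} passed={r['passed']}")
```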
Copyright 2024 Fortinet, Inc. All Rights Reserved.