On the FortiEDR Side.

1. Add a FortiEDR user with Rest API roles v5.2, v6.0+.
2. Login to the FortiEDR console after the user was created to change the initial password.

On FortiSIEM.

First: Create Credentials for FortiEDR:

In FortiSIEM, navigate to Admin -> Credentials -> Select 'New' under the 'Step 1: Enter Credentials' section. Then the Access Method Definition window will open:

1. Select the 'Fortinet FortiEDR' device type.
2. FortiEDR_API populates in the Access Protocol field.
3. Specify pull interval.
4. Tenant ID field: In the case of single-tenant environments, leave it blank.
   
   

In multi-organization deployments:

• If it is desired to pull data for All organizations in FortiEDR, leave it blank. It is important to note that the FortiEDR user must be created under 'All organization' as well.
• In case of shared environments, or security data for a specific organization, it is possible to grab the Tenant ID value from any Windows machine with FortiEDR Collector installed and registered to the same organization. With a text editor, open the CollectorBootstrap.jsn file located under C:\ProgramData\FortiEDR\Config\Collector.
  
  

The tenant ID is a value stored in the 'AccountId' key.

5. Enter credentials for users associated with specific organizations.

    

Second: Define the Credential Associations:

• Select the New button in section Step 2: Enter IP Range to Credential Associations.

• Enter FortiEDR Console FQDN or IP address.
• Select the created FortiEDR credentials.

Lastly, test the newly added credentials by:

• Selecting FortiEDR credential association.
• Selecting Test button -> Test Connectivity under 'Step 2: Enter IP Range to Credential Associations'.

For further info about FortiSIEM configuration, follow this document: Fortinet FortiEDR.