FortiSIEM Discussions
Taher11
New Contributor III

AD Integration with FortiSIEM

Hello,

My four Active Directory accounts were successfully joined to FortiSIEM using LDAP and WMI credentials, but up until this point, I was unable to get the users and groups from the AD into FortiSIEM; nothing was visible on the CMDB > Users page.

 


EL MOUSTAPHA MOHAMED LEMINE TAHER
1 Solution
Secusaurus

Hi Taher, 

 

I just wanted to provide you a link, but it appears the Fortinet docs miss the critical piece of information here.

As well as providing credentials for pulling the user list via Discovery, you will need to create the External Authentication Profile in Admin > Settings > General > External Authentication Profiles.

 

In your case, you will then have your new External Profile as an option in that exact same dialog you posted a screenshot of.

There is also an option to assign Roles by AD information, which I'd expect under "Role Management", but did not use yet.

 

Note that finding traces of a compromised AD is not easy if the user management of the research tool depends on a working AD.

But I guess, other options like Okta don't necessarily mean more security these days ;)

However, in a long-term deployment, consider that there is no MFA using LDAP.

 

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner

7 Replies
Taher11
New Contributor III

Hello 

@All 

EL MOUSTAPHA MOHAMED LEMINE TAHER
premchanderr
Staff

Hi @Taher11 ,


When you run discovery, do you see any message? The discovery result would tell you how many users and groups were discovered.

Ensure you have unchecked "Ping Only Discovery" in the discovery options.

Regards,
Prem Chander R
Taher11
New Contributor III

Thank you for your feedback 

EL MOUSTAPHA MOHAMED LEMINE TAHER
Taher11
New Contributor III

Hello, I successfully uploaded the user on the CMDB side, but when I try to give a user a role like admin or DB admin, I keep getting the error below.

WhatsApp Image 2023-10-23 at 15.02.46_8bc9488f.jpg

EL MOUSTAPHA MOHAMED LEMINE TAHER
Taher11
New Contributor III

Thank you, the problem was solved once I added the AD as an external authenticator.

EL MOUSTAPHA MOHAMED LEMINE TAHER
FSM_FTNT

Thanks @Secusaurus, for pointing out the doc. I've updated the document here to include additional steps for configuring the user to use External Authentication. Hopefully, this is more clear than before.